Lucene search

GitHub Advisory DatabaseGHSA-4576-PGH2-G34J

HistoryFeb 13, 2024 - 5:01 p.m.

derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module

2024-02-1317:01:16

CWE-284

GitHub Advisory Database

github.com

typo3 extension

sf_event_mgt

broken access control

backend module

vulnerable

update

redirectresponse

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

The existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the $this->redirect() function was never handled.

Affected configurations

Vulners

Node

derhansenevent_management_and_registrationRange<7.4.0

CPENameOperatorVersion
derhansen/sf_event_mgtlt7.4.0

CPE	Name	Operator	Version
	derhansen/sf_event_mgt	lt	7.4.0

References

github.com/advisories/GHSA-4576-pgh2-g34j

github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c

github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j

nvd.nist.gov/vuln/detail/CVE-2024-24751

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for GHSA-4576-PGH2-G34J