Lucene search

GitHub Advisory DatabaseGHSA-R674-MC9P-HVW5

HistoryMay 17, 2022 - 4:54 a.m.

TYPO3 Improper Access Control vulnerability

2022-05-1704:54:37

CWE-284

GitHub Advisory Database

github.com

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.1%

JSON

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<6.1.6

typo3cms_poll_system_extensionRange<6.0.11

typo3cms_poll_system_extensionRange<4.7.16

typo3cms_poll_system_extensionRange<4.5.31

CPENameOperatorVersion
typo3/cms-corelt6.1.6
typo3/cms-corelt6.0.11
typo3/cms-corelt4.7.16
typo3/cms-corelt4.5.31

Name	Operator	Version
typo3/cms-core	lt	6.1.6
typo3/cms-core	lt	6.0.11
typo3/cms-core	lt	4.7.16
typo3/cms-core	lt	4.5.31

References

seclists.org/oss-sec/2013/q4/473

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/

www.debian.org/security/2014/dsa-2834

github.com/advisories/GHSA-r674-mc9p-hvw5

nvd.nist.gov/vuln/detail/CVE-2013-7081

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for GHSA-R674-MC9P-HVW5