GitHub Advisory DatabaseGHSA-VCCP-5V5H-P8M6Typo3 Information Disclosure
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
46.2%
Failing to respect user groups of logged in users when caching queries, Extbase is susceptible to information disclosure. The query caching (introduced in Extbase 6.2) used to cache queries that query results for a specific user group were presented to a different group.
Affected configurations
References
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
www.debian.org/security/2014/dsa-2942
www.openwall.com/lists/oss-security/2014/06/03/2
github.com/advisories/GHSA-vccp-5v5h-p8m6
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3946.yaml
nvd.nist.gov/vuln/detail/CVE-2014-3946
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
46.2%