Lucene search

[email protected]NVD:CVE-2022-47407

HistoryDec 14, 2022 - 9:15 p.m.

CVE-2022-47407

2022-12-1421:15:13

[email protected]

web.nvd.nist.gov

typo3

fp_masterquiz

quiz hijacking

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

31.5%

JSON

An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user’s answers and modify those answers.

Affected configurations

Nvd

Node

master-quiz_projectmaster-quizRange<2.2.1typo3

master-quiz_projectmaster-quizRange3.0.0–3.5.1typo3

VendorProductVersionCPE
master-quiz_projectmaster-quiz*cpe:2.3:a:master-quiz_project:master-quiz:*:*:*:*:*:typo3:*:*

Vendor	Product	Version	CPE
master-quiz_project	master-quiz	*	cpe:2.3:a:master-quiz_project:master-quiz::::::typo3::*

References

typo3.org/security/advisory/typo3-ext-sa-2022-018

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

31.5%

JSON

Related for NVD:CVE-2022-47407

osv1 cve1 cvelist1 github1 friendsofphp1 prion1