Lucene search

GoogleOSV:GHSA-VCCP-5V5H-P8M6

HistoryMay 17, 2022 - 4:42 a.m.

Typo3 Information Disclosure

2022-05-1704:42:47

Google

osv.dev

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

Failing to respect user groups of logged in users when caching queries, Extbase is susceptible to information disclosure. The query caching (introduced in Extbase 6.2) used to cache queries that query results for a specific user group were presented to a different group.

CPENameOperatorVersion
typo3/cmseq6.2.0
typo3/cmseq6.2.2
typo3/cmseq6.2.1

Name	Operator	Version
typo3/cms	eq	6.2.0
typo3/cms	eq	6.2.2
typo3/cms	eq	6.2.1

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001

www.debian.org/security/2014/dsa-2942

www.openwall.com/lists/oss-security/2014/06/03/2

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3946.yaml

nvd.nist.gov/vuln/detail/CVE-2014-3946

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for OSV:GHSA-VCCP-5V5H-P8M6