Lucene search

PRIOn knowledge basePRION:CVE-2014-3946

HistoryJun 03, 2014 - 2:55 p.m.

Design/Logic Flaw

2014-06-0314:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

44.9%

JSON

The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.

CPENameOperatorVersion
typo3eq6.2.1
typo3eq6.2.0 beta1
typo3eq6.2
typo3eq6.2.2
typo3eq6.2.0 beta3
typo3eq6.2.0 beta2

Name	Operator	Version
typo3	eq	6.2.1
typo3	eq	6.2.0 beta1
typo3	eq	6.2
typo3	eq	6.2.2
typo3	eq	6.2.0 beta3
typo3	eq	6.2.0 beta2

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

www.debian.org/security/2014/dsa-2942

www.openwall.com/lists/oss-security/2014/06/03/2

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

44.9%

JSON

Related for PRION:CVE-2014-3946