4 matches found
CVE-2022-24980
An issue was discovered in the Kitodo.Presentation aka dif extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...
CVE-2022-24980
An issue was discovered in the Kitodo.Presentation aka dif extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...
CVE-2022-24980
The CVE-2022-24980 issue affects Kitodo.Presentation (dlf) in TYPO3 before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4, where a missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs. This enables server-side request forgery (SSRF), letting an attacker v...
CVE-2022-24980
An issue was discovered in the Kitodo.Presentation aka dif extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...