Lucene search

Ubuntu.comUB:CVE-2014-3946

HistoryJun 03, 2014 - 12:00 a.m.

CVE-2014-3946

2014-06-0300:00:00

ubuntu.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

The query caching functionality in the Extbase Framework component in TYPO3
6.2.0 before 6.2.3 does not properly validate group permissions, which
allows remote authenticated users to read arbitrary queries via unspecified
vectors.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749215>

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

www.debian.org/security/2014/dsa-2942

www.openwall.com/lists/oss-security/2014/06/03/2

launchpad.net/bugs/cve/CVE-2014-3946

nvd.nist.gov/vuln/detail/CVE-2014-3946

security-tracker.debian.org/tracker/CVE-2014-3946

www.cve.org/CVERecord?id=CVE-2014-3946

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for UB:CVE-2014-3946