Lucene search
MitreVULNRICHMENT:CVE-2024-45233HistoryAug 28, 2024 - 12:00 a.m.
CVE-2024-45233
2024-08-2800:00:00
mitre
github.com
1
typo3
powermail extension
broken access control
AI Score
7
Confidence
High
EPSS
0.001
Percentile
39.6%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*"
],
"vendor": "typo3",
"product": "typo3",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "12.4.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.5.0"
},
{
"status": "unaffected",
"version": "8.5.0"
},
{
"status": "unaffected",
"version": "10.9.0"
}
],
"defaultStatus": "unknown"
}
]Related
github
github
Powermail TYPO3 extension Broken Access Control in the OutputController
2024-08-29 00:31:35
veracode
veracode
Broken Access Control
2024-08-30 07:26:08
cve
cve
CVE-2024-45233
2024-08-29 00:15:09
cvelist
cvelist
CVE-2024-45233
2024-08-28 00:00:00
osv
osv
Powermail TYPO3 extension Broken Access Control in the OutputController
2024-08-29 00:31:35
nvd
nvd
CVE-2024-45233
2024-08-29 00:15:09
AI Score
7
Confidence
High
EPSS
0.001
Percentile
39.6%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-45233