CVE-2019-19712

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-19712
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19712.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19712
Aliases
Published
2019-12-17T14:15:18.153Z
Modified
2026-04-10T04:16:24.122746Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

References

Affected packages

Git / github.com/contao/contao

Affected ranges

Type
GIT
Repo
https://github.com/contao/contao
Events
Introduced
da8a867d8335c4ca55e5085dac11f1fecd12650e
Last affected
0dae4caadb79f1581d1851d849955929318bc7d9
Introduced
879e05ecc75a6bf70aabc1c3d867eb420f291f60
Last affected
e2234567e8a17ff151137c288b14591213652195
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
84b2fe637d5ead531f117f26b48d1b9de8df4074
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a112b68dcb5215b01f2c4c4b8de6bcb3d3b9ae81
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dfb96f2755181aedb587e897316a656dd933df31
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
afeedc98905a9dedd598f5a5814decc1ad1b008d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b09b4d51d13d37b4bfcd2ef4314fc6a20184dc55
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c3e0c88e63095d83fd37fb96c4381de7658de4dc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b4dda036c2c0fc7d17c1aa402eaacf6b5dc335fc
Database specific 
{
    "versions": [
        {
            "introduced": "4.4.0"
        },
        {
            "last_affected": "4.4.45"
        },
        {
            "introduced": "4.8"
        },
        {
            "last_affected": "4.8.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.7"
        }
    ]
}

Affected versions

4.*
4.0.0
4.1.0
4.2.0
4.3.0
4.4.22
4.4.23
4.4.24
4.4.25
4.4.26
4.4.27
4.4.28
4.4.29
4.4.30
4.4.31
4.4.32
4.4.33
4.4.34
4.4.35
4.4.36
4.4.37
4.4.38
4.4.39
4.4.40
4.4.41
4.4.42
4.4.43
4.4.44
4.4.45
4.5.0
4.6.0
4.7.0
4.7.0-RC1
4.7.0-RC2
4.7.0-RC3
4.7.0-RC4
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19712.json"