GHSA-43cf-7f3h-38rg

Source

https://github.com/advisories/GHSA-43cf-7f3h-38rg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-43cf-7f3h-38rg/GHSA-43cf-7f3h-38rg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-43cf-7f3h-38rg

Published

2024-05-17T23:03:46Z

Modified

2024-05-17T23:03:46Z

Severity

4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Privilege Escalation in TYPO3 Neos

Details

It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-17T23:03:46Z"
}

References

Affected packages

Packagist / neos/neos

Package

Name: neos/neos
Purl: pkg:composer/neos/neos

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Packagist / neos/neos

Package

Name: neos/neos
Purl: pkg:composer/neos/neos

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2.0

Fixed

1.2.3