GHSA-4rpv-g4gq-rh4m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4rpv-g4gq-rh4m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4rpv-g4gq-rh4m/GHSA-4rpv-g4gq-rh4m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4rpv-g4gq-rh4m
- Aliases
-
- CVE-2013-7073
- Published
- 2022-05-17T03:46:18Z
- Modified
- 2023-11-08T03:57:27.463407Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
- Details
-
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
- Database specific
{ "nvd_published_at": "2013-12-23T23:55:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-08-28T23:47:48Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-7073
- https://github.com/TYPO3/typo3
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
- http://seclists.org/oss-sec/2013/q4/473
- http://seclists.org/oss-sec/2013/q4/487
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
- http://www.debian.org/security/2014/dsa-2834
Affected packages
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms