GHSA-59m9-p6cm-94q5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-59m9-p6cm-94q5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-59m9-p6cm-94q5/GHSA-59m9-p6cm-94q5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-59m9-p6cm-94q5
- Aliases
- Published
- 2022-11-03T18:10:52Z
- Modified
- 2024-11-30T05:37:26.716134Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- TYPO3 Extension femanager vulnerable to Broken Access Control
- Details
-
The TYPO3 Extension femanager prior to versions 5.5.2, 6.3.3, and 7.0.1 is vulnerable to broken access control. The
usergroup.inListvalidation can be bypassed resulting in new frontend users created by the extension may be members of groups that are restricted. The vulnerability is only exploitable if the field usergroup is available in the registration form. Versions 5.5.2, 6.3.3, and 7.0.1 contain patches. - Database specific
{ "nvd_published_at": "2023-12-12T17:15:07Z", "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-11-03T18:10:52Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-44543
- https://github.com/in2code-de/femanager/commit/827edbc767b1cb6c0cb77d82e46b88fea3b22ad9
- https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2022-44543.yaml
- https://github.com/in2code-de/femanager
- https://github.com/in2code-de/femanager/releases/tag/5.5.2
- https://github.com/in2code-de/femanager/releases/tag/6.3.3
- https://github.com/in2code-de/femanager/releases/tag/7.0.1
- https://typo3.org/help/security-advisories
- https://typo3.org/security/advisory/typo3-ext-sa-2022-015
Affected packages
Packagist / in2code/femanager
Package
- Name
- in2code/femanager
- Purl
- pkg:composer/in2code/femanager
Packagist / in2code/femanager
Package
- Name
- in2code/femanager
- Purl
- pkg:composer/in2code/femanager
Packagist / in2code/femanager
Package
- Name
- in2code/femanager
- Purl
- pkg:composer/in2code/femanager