GHSA-mh3r-6cp5-hc2j

Source

https://github.com/advisories/GHSA-mh3r-6cp5-hc2j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-mh3r-6cp5-hc2j/GHSA-mh3r-6cp5-hc2j.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mh3r-6cp5-hc2j

Published

2024-06-05T16:55:00Z

Modified

2024-12-02T05:43:18.661994Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Authentication Bypass in TYPO3 Frontend

Details

Due to late TCA initialization the authentication service fails to restrict frontend user according to the validation rules. Therefore it is possible to authenticate restricted (e.g. disabled) frontend users.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-05T16:55:00Z"
}

References

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-02-28-1.yaml

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.2.0

Fixed

8.6.1

Affected versions

8.*

8.2.0

8.2.1

8.3.0

8.3.1

8.4.0

8.4.1

8.5.0

8.5.1

8.6.0