GHSA-vccp-5v5h-p8m6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vccp-5v5h-p8m6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vccp-5v5h-p8m6/GHSA-vccp-5v5h-p8m6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vccp-5v5h-p8m6
- Aliases
-
- CVE-2014-3946
- Published
- 2022-05-17T04:42:47Z
- Modified
- 2024-11-30T05:32:43.154568Z
- Summary
- Typo3 Information Disclosure
- Details
-
Failing to respect user groups of logged in users when caching queries, Extbase is susceptible to information disclosure. The query caching (introduced in Extbase 6.2) used to cache queries that query results for a specific user group were presented to a different group.
- Database specific
{ "nvd_published_at": "2014-06-03T14:55:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-08-16T23:29:58Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-3946
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3946.yaml
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
- http://www.debian.org/security/2014/dsa-2942
- http://www.openwall.com/lists/oss-security/2014/06/03/2
Affected packages
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms