GHSA-wr3c-6c22-m9v6

Source

https://github.com/advisories/GHSA-wr3c-6c22-m9v6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-wr3c-6c22-m9v6/GHSA-wr3c-6c22-m9v6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wr3c-6c22-m9v6

Published

2024-06-05T17:28:04Z

Modified

2024-12-02T05:52:15.858946Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Privilege Escalation in TYPO3 Neos

Details

It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-05T17:28:04Z"
}

References

Affected packages

Packagist / typo3/neos

Package

Name: typo3/neos
Purl: pkg:composer/typo3/neos

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Packagist / typo3/neos

Package

Name: typo3/neos
Purl: pkg:composer/typo3/neos

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2.0

Fixed

1.2.3

Affected versions

1.*

1.2.0

1.2.1

1.2.2