CVE-2023-25013
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-25013
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25013.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-25013
- Aliases
- Published
- 2023-02-02T01:15:08Z
- Modified
- 2024-10-12T10:44:25.509375Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
- References
Affected packages
Git / github.com/in2code-de/femanager
Affected ranges
- Type
- GIT
- Repo
- https://github.com/in2code-de/femanager
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.0
1.0.1
1.0.10
1.0.11
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1
1.2.2
1.3.0
1.4.0
1.4.1
1.4.2
1.4.3
1.5.0
1.5.1
1.5.2
2.*
2.0.0
2.0.1
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.5.1
2.6.0
3.*
3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.3.0
4.*
4.0.0
4.0.1
4.0.2
4.1.0
4.1.1
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
5.*
5.0.0
5.1.0
5.1.1
5.2.0
5.3.0
5.3.1
5.4.0
5.4.1
5.4.2
5.5.0
5.5.1
5.5.2