GHSA-4576-pgh2-g34j

Source

https://github.com/advisories/GHSA-4576-pgh2-g34j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-4576-pgh2-g34j/GHSA-4576-pgh2-g34j.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-4576-pgh2-g34j

Aliases

CVE-2024-24751

Published

2024-02-13T17:01:16Z

Modified

2024-10-18T19:00:48.909656Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module

Details

The existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the $this->redirect() function was never handled.

Database specific

{
    "github_reviewed_at": "2024-02-13T17:01:16Z",
    "cwe_ids": [
        "CWE-284",
        "CWE-863"
    ],
    "nvd_published_at": "2024-02-13T19:15:10Z",
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

Packagist / derhansen/sf_event_mgt

Package

Name: derhansen/sf_event_mgt
Purl: pkg:composer/derhansen/sf_event_mgt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.4.0

Affected versions

7.*

7.0.0

7.1.0

7.1.1

7.1.2

7.1.3

7.2.0

7.3.0

7.3.1

7.3.2

7.3.3