GHSA-772m-43f3-hmf8

Source
https://github.com/advisories/GHSA-772m-43f3-hmf8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-772m-43f3-hmf8/GHSA-772m-43f3-hmf8.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-772m-43f3-hmf8
Published
2024-06-07T17:15:33Z
Modified
2024-12-04T05:24:22.720206Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
TYPO3 Broken Access Control in Localization Handling
Details

It has been discovered that backend users whose access is limited to specific languages can modify and create pages in the default language, which should be disallowed. A valid backend user account is needed to exploit this vulnerability.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-285"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-07T17:15:33Z"
}
Affected packages

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.7.23

Affected versions

8.*

8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1
8.3.0
8.3.1
8.4.0
8.4.1
8.5.0
8.5.1
8.6.0
8.6.1
8.7.0
8.7.1
8.7.2

v8.*

v8.7.3
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v8.7.10
v8.7.11
v8.7.12
v8.7.13
v8.7.14
v8.7.15
v8.7.16
v8.7.17
v8.7.18
v8.7.19
v8.7.20
v8.7.21
v8.7.22