GHSA-7gpw-frph-fwrg

Suggest an improvement
Source
https://github.com/advisories/GHSA-7gpw-frph-fwrg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-7gpw-frph-fwrg/GHSA-7gpw-frph-fwrg.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-7gpw-frph-fwrg
Aliases
  • CVE-2022-47407
Published
2022-12-14T21:30:16Z
Modified
2023-11-27T23:01:06.752527Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
Details

An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.

Database specific
{
    "nvd_published_at": "2022-12-14T21:15:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-08T21:57:03Z"
}
References

Affected packages

Packagist / fixpunkt/fp-masterquiz

Package

Name
fixpunkt/fp-masterquiz
Purl
pkg:composer/fixpunkt/fp-masterquiz

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.5.2

Packagist / fixpunkt/fp-masterquiz

Package

Name
fixpunkt/fp-masterquiz
Purl
pkg:composer/fixpunkt/fp-masterquiz

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.1

Affected versions

v1.*

v1.0.0