GHSA-wr3c-6c22-m9v6

Suggest an improvement
Source
https://github.com/advisories/GHSA-wr3c-6c22-m9v6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-wr3c-6c22-m9v6/GHSA-wr3c-6c22-m9v6.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-wr3c-6c22-m9v6
Published
2024-06-05T17:28:04Z
Modified
2024-12-02T05:45:57.450030Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Privilege Escalation in TYPO3 Neos
Details

It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-05T17:28:04Z"
}
References

Affected packages

Packagist / typo3/neos

Package

Name
typo3/neos
Purl
pkg:composer/typo3/neos

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.0
Fixed
1.1.3

Affected versions

1.*

1.1.0
1.1.1
1.1.2

Packagist / typo3/neos

Package

Name
typo3/neos
Purl
pkg:composer/typo3/neos

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.2.0
Fixed
1.2.3

Affected versions

1.*

1.2.0
1.2.1
1.2.2