Описание
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
It has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts.
Ссылки
- https://github.com/TYPO3/typo3/commit/0decbf83c531cab77497429eb2edecf9a1038b25
- https://github.com/TYPO3/typo3/commit/bff9fa5945801d1d2c641ddc8eb86c6647549d80
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-1.yaml
- https://typo3.org/security/advisory/typo3-core-sa-2015-002
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002
Пакеты
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 6.2.0, < 6.2.14
6.2.14
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 7.0.0, < 7.3.1
7.3.1
8.8 High
CVSS3
Дефекты
CWE-269
8.8 High
CVSS3
Дефекты
CWE-269