Description
Contao does not properly manage privileges for page and article fields
Impact
Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions.
Patches
Update to Contao 5.3.38 or 5.6.1.
Workarounds
None.
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.
Packages
contao/core-bundle: affected >= 5.3.0, < 5.3.38; patched in 5.3.38
contao/core-bundle: affected >= 5.4.0-RC1, < 5.6.1; patched in 5.6.1
contao/contao: affected >= 5.3.0, < 5.3.38; patched in 5.3.38
contao/contao: affected >= 5.4.0-RC1, < 5.6.1; patched in 5.6.1
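An added example (not part of the advisory or the Contao project's code): a Python check of a composer.lock against the affected ranges listed above. The sample lock content is constructed, and the pre-release ordering (alpha < beta < RC < stable) is an assumption of this script.

```python
import json
import re

# Affected ranges from this advisory: (inclusive lower bound, fixed release).
AFFECTED = [("5.3.0", "5.3.38"), ("5.4.0-RC1", "5.6.1")]
PACKAGES = {"contao/core-bundle", "contao/contao"}

def parse(version):
    """Turn '5.4.0-RC1' into a sortable key; None for aliases like 'dev-main'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-?(alpha|beta|RC)\.?(\d*))?",
                     version, re.I)
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    # Assumption: pre-releases sort below the stable release of the same number.
    rank = {"alpha": 0, "beta": 1, "rc": 2}[stage.lower()] if stage else 3
    return (int(major), int(minor), int(patch), rank, int(num or 0))

def status(version):
    """Return 'affected', 'ok' or 'unknown' for one installed version string."""
    key = parse(version)
    if key is None:
        return "unknown"  # branch alias: cannot be compared, review by hand
    for low, fixed in AFFECTED:
        if parse(low) <= key < parse(fixed):
            return "affected"
    return "ok"

def check_lock(lock_text):
    """Map each Contao package found in composer.lock text to (version, status)."""
    lock = json.loads(lock_text)
    found = {}
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") in PACKAGES:
            found[pkg["name"]] = (pkg["version"], status(pkg["version"]))
    return found

# Constructed sample composer.lock content, not taken from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "contao/core-bundle", "version": "5.3.37"},
    {"name": "symfony/console", "version": "v6.4.1"},
]})

if __name__ == "__main__":
    for name, (ver, state) in check_lock(SAMPLE_LOCK).items():
        print(f"{name} {ver}: {state}")
```

To check a real installation, pass the contents of the project's composer.lock to `check_lock`; a result of `unknown` means the installed version is a branch alias and has to be reviewed by hand.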
Related vulnerabilities
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.