exploitDog

CVE-2021-43563

Опубликовано: 10 нояб. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system.

Ссылки

https://typo3.org/security/advisory/typo3-ext-sa-2021-017
Patch
Third Party Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2021-017
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pixxio:pixx.io:*:*:*:*:*:typo3:*:*

Версия до 1.0.6 (исключая)

EPSS

Процентиль: 74%

0.0084

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-5j5p-cr5c-763j

CVSS3: 8.8

github

больше 3 лет назад

An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system.

EPSS

Процентиль: 74%

0.0084

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other