exploitDog

CVE-2022-24979

Опубликовано: 19 фев. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements.

Ссылки

https://typo3.org/help/security-advisories
Vendor Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2022-003
Patch
Vendor Advisory
https://typo3.org/help/security-advisories
Vendor Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2022-003
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mittwald:varnishcache:*:*:*:*:*:typo3:*:*

Версия до 2.0.1 (исключая)

EPSS

Процентиль: 45%

0.00226

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-cr4w-39ww-9jpm

github

почти 4 года назад

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements.

EPSS

Процентиль: 45%

0.00226

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639