CVE-2024-24751 – derhansen/sf_event_mgt
Package
Manager: composer
Name: derhansen/sf_event_mgt
Vulnerable Version: >=7.0.0 <7.4.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00318 (percentile 0.54241)
Details
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module

The existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled.
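
The failure mode described above, as an added, self-contained PHP sketch (not code from the extension or from TYPO3): an access check that calls a `redirect()` which only returns a response does nothing unless the caller returns that response. The class, method and page-ID names are hypothetical, and `RedirectResponse` here is a constructed stand-in, not the TYPO3 class.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a redirect response object (assumption, not TYPO3's class).
final class RedirectResponse
{
    public function __construct(public string $location) {}
}

// Hypothetical backend controller; the access rule (allowed page IDs) is an assumption.
final class EventAdminController
{
    /** @param int[] $allowedPids pages the backend user may access */
    public function __construct(private array $allowedPids) {}

    // redirect() only builds and returns a response; it does not stop execution.
    private function redirect(string $action): RedirectResponse
    {
        return new RedirectResponse('/module/events/' . $action);
    }

    // Returns null when access is granted, otherwise a redirect to the list view.
    private function checkEventAccess(int $eventPid): ?RedirectResponse
    {
        return in_array($eventPid, $this->allowedPids, true) ? null : $this->redirect('list');
    }

    // Broken: the returned response is discarded, so the action carries on.
    public function showBroken(int $eventPid): RedirectResponse|string
    {
        $this->checkEventAccess($eventPid);
        return "registrations of event on page $eventPid";
    }

    // Fixed: the redirect response is returned before any data is loaded.
    public function showFixed(int $eventPid): RedirectResponse|string
    {
        $denied = $this->checkEventAccess($eventPid);
        if ($denied !== null) {
            return $denied;
        }
        return "registrations of event on page $eventPid";
    }
}

$controller = new EventAdminController(allowedPids: [10]);
var_dump($controller->showBroken(99)); // page 99 is outside the allowed set
var_dump($controller->showFixed(99));  // same request against the fixed action
var_dump($controller->showFixed(10));  // permitted page
```

A code review or static-analysis rule that flags calls to `redirect()` whose return value is unused catches this class of regression.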
Metadata
Created: 2024-02-13T17:01:16Z
Modified: 2024-02-13T21:57:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-4576-pgh2-g34j/GHSA-4576-pgh2-g34j.json
CWE IDs: ["CWE-284", "CWE-863"]
Alternative ID: GHSA-4576-pgh2-g34j
Finding: F039
Auto approve: 1