CVE-2024-38874 – jweiland/events2
Package
Manager: composer
Name: jweiland/events2
Vulnerable Version: >=0 <8.3.8 || >=9.0.0 <9.0.6
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00303 (percentile: 0.53085)
Details
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users.
Metadata
Created: 2024-06-21T09:30:26Z
Modified: 2025-03-24T21:45:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-cchp-3rq6-69wj/GHSA-cchp-3rq6-69wj.json
CWE IDs: ["CWE-639", "CWE-693"]
Alternative ID: GHSA-cchp-3rq6-69wj
Finding: F274
Auto approve: 1