CVE-2020-25025 – localizationteam/l10nmgr

Package

Manager: composer
Name: localizationteam/l10nmgr
Vulnerable Version: >=0 <7.4.0 || >=8.0.0 <8.7.0 || >=9.0.0 <9.2.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00129 pctl0.33208

Details

Incorrect Authorization in TYPO3 extension The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields).

Metadata

Created: 2021-07-26T21:41:22Z
Modified: 2021-07-28T19:21:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-cv9j-78f7-w6v9/GHSA-cv9j-78f7-w6v9.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-cv9j-78f7-w6v9
Finding: F006
Auto approve: 1