
CVE-2023-50462 t3s/content-consent

Package

Manager: composer
Name: t3s/content-consent
Vulnerable Version: >=2.0.0 <2.0.2 || >=0 <1.0.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

Insecure Direct Object Reference in extension "Content Consent" (content_consent)

The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference (IDOR) vulnerability with the potential to expose internal content elements.

Metadata

Created: 2023-12-13T23:12:32Z
Modified: 2023-12-13T23:12:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-j8cw-ppmv-wj85/GHSA-j8cw-ppmv-wj85.json
CWE IDs: []
Alternative ID: GHSA-j8cw-ppmv-wj85
Finding: F039
Auto approve: 1