CVE-2014-3946 – typo3/cms
Package
Manager: composer
Name: typo3/cms
Vulnerable Version: >=6.2.0 <6.2.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00151 (percentile 0.36271)
Details
TYPO3 Information Disclosure
Because it fails to respect the user groups of logged-in users when caching queries, Extbase is susceptible to information disclosure. The query caching (introduced in Extbase 6.2) cached queries in such a way that query results for a specific user group were presented to a different group.
Metadata
Created: 2022-05-17T04:42:47Z
Modified: 2025-04-14T21:45:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vccp-5v5h-p8m6/GHSA-vccp-5v5h-p8m6.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-vccp-5v5h-p8m6
Finding: F038
Auto approve: 1