GHSA-4r76-xr68-w7m7 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=6.2.0 <6.2.14 || >=7.0.0 <7.3.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts It has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts.

Metadata

Created: 2024-05-30T21:02:59Z
Modified: 2024-05-30T21:02:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-4r76-xr68-w7m7/GHSA-4r76-xr68-w7m7.json
CWE IDs: ["CWE-269"]
Alternative ID: N/A
Finding: F159
Auto approve: 1