GHSA-mh3r-6cp5-hc2j – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=8.2.0 <8.6.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Authentication Bypass in TYPO3 Frontend Due to late TCA initialization the authentication service fails to restrict frontend user according to the validation rules. Therefore it is possible to authenticate restricted (e.g. disabled) frontend users.

Metadata

Created: 2024-06-05T16:55:00Z
Modified: 2024-06-05T16:55:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-mh3r-6cp5-hc2j/GHSA-mh3r-6cp5-hc2j.json
CWE IDs: []
Alternative ID: N/A
Finding: F006
Auto approve: 1