An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
References
Link | Providers |
---|---|
https://typo3.org/security/advisory/typo3-ext-sa-2024-006 |
History
Fri, 30 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | In2code, In2code powermail | |
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:in2code:powermail:*:*:*:*:*:typo3:*:* | |
Vendors & Products | In2code, In2code powermail | |
Thu, 29 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Typo3, Typo3 typo3 | |
Weaknesses | CWE-284 | |
CPEs | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
Vendors & Products | Typo3, Typo3 typo3 | |
Metrics | cvssV3_1 | |
Wed, 28 Aug 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0. | |
References | | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-28T00:00:00
Updated: 2024-08-29T13:25:41.055Z
Reserved: 2024-08-24T00:00:00
Link: CVE-2024-45233
Vulnrichment
Updated: 2024-08-29T13:25:03.595Z
NVD
Status: Analyzed
Published: 2024-08-29T00:15:09.293
Modified: 2024-08-30T16:33:56.720
Link: CVE-2024-45233
Redhat
No data.