CVE-2014-3946
Published 2014-06-03
Priority: P4 · 20 · medium · 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS: 1.12% (62.0th percentile)
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms | >= 6.2.0 < 6.2.3 | 6.2.3 |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
OSV
Typo3 Information Disclosure
osv·2022-05-17
CVE-2014-3946 [MEDIUM] Typo3 Information Disclosure
Because it fails to respect the user groups of logged-in users when caching queries, Extbase is susceptible to information disclosure. The query caching (introduced in Extbase 6.2) cached queries in such a way that query results for a specific user group were presented to a different group.
GHSA
Typo3 Information Disclosure
ghsa·2022-05-17
CVE-2014-3946 [MEDIUM] CWE-200 Typo3 Information Disclosure
Because it fails to respect the user groups of logged-in users when caching queries, Extbase is susceptible to information disclosure. The query caching (introduced in Extbase 6.2) cached queries in such a way that query results for a specific user group were presented to a different group.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
http://www.debian.org/security/2014/dsa-2942
http://www.openwall.com/lists/oss-security/2014/06/03/2