CVE-2014-3946: Typo3 Information Disclosure
(updated )
Failing to respect user groups of logged in users when caching queries, Extbase is susceptible to information disclosure. The query caching (introduced in Extbase 6.2) used to cache queries that query results for a specific user group were presented to a different group.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3946.yaml
- github.com/TYPO3/typo3
- github.com/advisories/GHSA-vccp-5v5h-p8m6
- nvd.nist.gov/vuln/detail/CVE-2014-3946
- typo3.org/security/advisory/typo3-core-sa-2014-001
- typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
Code Behaviors & Features
Detect and mitigate CVE-2014-3946 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →