Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01OW05LXA2Y20tOTRxNc4AAvsG

Moderate EPSS: 0.00259% (0.49074 Percentile) EPSS:
Permalink JSON

TYPO3 Extension femanager vulnerable to Broken Access Control

Affected Packages Affected Versions Fixed Versions
packagist:in2code/femanager < 5.5.2, >= 6.0.0, < 6.3.3, >= 7.0.0, < 7.0.1 5.5.2, 6.3.3, 7.0.1
5 Dependent packages
8 Dependent repositories
645,216 Downloads total

Affected Version Ranges

All affected versions

2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.3.0, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 5.0.0, 5.1.0, 5.1.1, 5.2.0, 5.3.0, 5.3.1, 5.4.0, 5.4.1, 5.4.2, 5.5.0, 5.5.1, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, 6.2.0, 6.2.1, 6.3.0, 6.3.1, 6.3.2, 7.0.0

All unaffected versions

5.5.2, 5.5.3, 5.5.4, 5.5.5, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.4.0, 6.4.1, 6.4.2, 7.0.1, 7.1.0, 7.1.1, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.3.0, 7.4.0, 7.4.1, 7.4.2, 7.5.0, 7.5.1, 7.5.2, 8.0.0, 8.0.1, 8.1.0, 8.2.0, 8.2.1, 8.2.2, 8.3.0

The TYPO3 Extension femanager prior to versions 5.5.2, 6.3.3, and 7.0.1 is vulnerable to broken access control. The usergroup.inList validation can be bypassed resulting in new frontend users created by the extension may be members of groups that are restricted. The vulnerability is only exploitable if the field usergroup is available in the registration form. Versions 5.5.2, 6.3.3, and 7.0.1 contain patches.

References:

Identifiers

GHSA-59m9-p6cm-94q5

CVE-2022-44543

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00259

EPSS Percentile: 0.49074

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/in2code-de/femanager

Date and time

Published

over 2 years ago

Updated

over 1 year ago

API

JSON