Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jY2hwLTNycTYtNjl3as4AA9RD
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users.
Permalink: https://github.com/advisories/GHSA-cchp-3rq6-69wj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jY2hwLTNycTYtNjl3as4AA9RD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 4 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Identifiers: GHSA-cchp-3rq6-69wj, CVE-2024-38874
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-38874
- https://typo3.org/security/advisory/typo3-ext-sa-2024-003
- https://github.com/FriendsOfPHP/security-advisories/blob/master/jweiland/events2/CVE-2024-38874.yaml
- https://github.com/advisories/GHSA-cchp-3rq6-69wj
Affected Packages
packagist:jweiland/events2
Dependent packages: 1
Dependent repositories: 1
Downloads: 42,076 total
Affected Version Ranges: >= 9.0.0, < 9.0.6; < 8.3.8
Fixed in: 9.0.6, 8.3.8
All affected versions: 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.3.0, 2.3.1, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.2.2, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.9.0, 3.9.1, 3.9.2, 3.10.0, 3.10.1, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.1.1, 4.1.3, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 5.0.0, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 6.0.0, 6.1.0, 6.1.1, 6.1.2, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.1.11, 7.1.12, 7.1.13, 7.1.14, 8.0.0, 8.0.1, 8.1.0, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.2.0, 8.2.1, 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5
All unaffected versions: 8.3.8, 8.3.9, 8.3.10, 8.3.11, 8.3.12, 9.0.6, 9.0.7, 9.0.8, 9.0.9