Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qOGN3LXBwbXYtd2o4Nc4AA3v9
Insecure Direct Object Reference in extension "Content Consent" (content_consent)
The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference (IDOR) vulnerability with the potential to expose internal content elements.
Permalink: https://github.com/advisories/GHSA-j8cw-ppmv-wj85JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qOGN3LXBwbXYtd2o4Nc4AA3v9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 12 months ago
Updated: 12 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-j8cw-ppmv-wj85, CVE-2023-50462
References:
- https://github.com/FriendsOfPHP/security-advisories/blob/master/t3s/content-consent/CVE-2023-50462.yaml
- https://typo3.org/security/advisory/typo3-ext-sa-2023-009
- https://github.com/advisories/GHSA-j8cw-ppmv-wj85
Affected Packages
packagist:t3s/content-consent
Dependent packages: 0Dependent repositories: 0
Downloads: 1,604 total
Affected Version Ranges: < 1.0.3, >= 2.0.0, < 2.0.2
Fixed in: 1.0.3, 2.0.2
All affected versions: 1.0.0, 1.0.1, 1.0.2, 2.0.0, 2.0.1
All unaffected versions: 1.0.3, 2.0.2, 3.0.0, 3.0.1