Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4cmctN3Jwci1jd3Iy
Information Disclosure in TYPO3 extension sf_event_mgt
A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure.
Another missing access check in the backend module allows an authenticated backend user to send emails to event participants for events which the user does not have access to, resulting in Broken Access Control.
External reference: https://typo3.org/security/advisory/typo3-ext-sa-2020-017
Permalink: https://github.com/advisories/GHSA-g8rg-7rpr-cwr2JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4cmctN3Jwci1jd3Iy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-g8rg-7rpr-cwr2, CVE-2020-25026
References:
- https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-g8rg-7rpr-cwr2
- https://github.com/derhansen/sf_event_mgt/commit/17edcbf608b252cc1123e1279f0735f6aa28fef4
- https://packagist.org/packages/derhansen/sf_event_mgt
- https://typo3.org/security/advisory/typo3-ext-sa-2020-017
- https://nvd.nist.gov/vuln/detail/CVE-2020-25026
- https://typo3.org/help/security-advisories
- https://github.com/advisories/GHSA-g8rg-7rpr-cwr2
Blast Radius: 2.1
Affected Packages
packagist:derhansen/sf_event_mgt
Dependent packages: 3Dependent repositories: 3
Downloads: 210,975 total
Affected Version Ranges: >= 5.0.0, < 5.1.1, < 4.3.1
Fixed in: 5.1.1, 4.3.1
All affected versions: 1.2.0, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.8.0, 1.8.1, 2.0.0, 2.1.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 5.0.0, 5.0.1, 5.1.0
All unaffected versions: 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 5.1.1, 5.2.0, 5.3.0, 5.4.0, 5.4.1, 5.4.2, 5.5.0, 5.6.0, 5.6.1, 5.7.0, 5.8.0, 5.9.0, 5.9.1, 5.9.2, 6.0.0, 6.0.1, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.3.0, 6.3.1, 6.4.0, 6.4.1, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 7.0.0, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.5.0, 7.5.1, 7.6.0, 8.0.0