7.5

CVE-2021-43564

EPSS 1.4%
Veröffentlicht 10.11.2021 16:15:09
Zuletzt bearbeitet 21.11.2024 06:29:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Job Fair Project ≫ Job Fair SwPlatformtypo3 Version < 1.0.13

Job Fair Project ≫ Job Fair SwPlatformtypo3 Version >= 2.0.0 < 2.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.4%	0.797

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://typo3.org/security/advisory/typo3-ext-sa-2021-018

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-43564

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-43564

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-43564

EUVD