CVE-2023-25014

EPSS 0.84%
Veröffentlicht 02.02.2023 01:15:08
Zuletzt bearbeitet 26.03.2025 18:15:23
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

In2code ≫ Femanager SwPlatformtypo3 Version < 5.5.3

In2code ≫ Femanager SwPlatformtypo3 Version >= 6.0.0 < 6.3.4

In2code ≫ Femanager SwPlatformtypo3 Version >= 7.0.0 < 7.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.742

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cve@mitre.org	8.6	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://typo3.org/help/security-advisories

Third Party Advisory

https://typo3.org/security/advisory/typo3-ext-sa-2023-001

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-25014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-25014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-25014

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-25014