Vulnerability Description
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | 6.2 |
Related Weaknesses (CWE)
References
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014Vendor Advisory
- http://www.debian.org/security/2014/dsa-2942
- http://www.openwall.com/lists/oss-security/2014/06/03/2
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014Vendor Advisory
- http://www.debian.org/security/2014/dsa-2942
- http://www.openwall.com/lists/oss-security/2014/06/03/2
FAQ
What is CVE-2014-3946?
CVE-2014-3946 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary q...
How severe is CVE-2014-3946?
CVE-2014-3946 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3946?
Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.