CVE-2024-38874 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-38874

CVE-2024-38874

June 21, 2024

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users.

Related Resources (4)

https://nvd.nist.gov/vuln/detail/CVE-2024-38874

https://github.com/FriendsOfPHP/security-advisories/blob/master/jweiland/events2/CVE-2024-38874.yaml

https://github.com/jweiland-net/events2

https://typo3.org/security/advisory/typo3-ext-sa-2024-003

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.4

Attack Complexity

LOW

Attack Vector

NETWORK

Availability

NONE

Confidentiality

LOW

Integrity

LOW

Privileges Required

LOW

Scope

UNCHANGED

User Interaction

NONE

Weakness Type (CWE)

Protection Mechanism Failure

CWE-693

Authorization Bypass Through User-Controlled Key

CWE-639

EPSS

Base Score:

0.41

Products

Solutions

Resources

Company

Compare

Developer Tools