Description
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://typo3.org/help/security-advisories
Patch, Vendor Advisory x_refsource_confirm
https://typo3.org/security/advisory/typo3-ext-sa-2022-003
Scores
CVSS v3
5.3
EPSS
0.0023
EPSS Percentile
45.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-639
Status
published
Products (1)
mittwald/varnishcache
< 2.0.1
Published
Feb 19, 2022
Tracked Since
Feb 18, 2026