CVE-2024-38874

MEDIUM

TYPO3 Events2 <8.3.8,9.x <9.0.6 - IDOR

Title source: llm

Description

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users.

References (1)

[Vendor Advisory] https://typo3.org/security/advisory/typo3-ext-sa-2024-003

Scores

CVSS v3 5.4

EPSS 0.0041

EPSS Percentile 61.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-693

Status draft

Affected Products (1)

jweiland/events2 < 8.3.8Packagist

Timeline

Published Jun 21, 2024

Tracked Since Feb 18, 2026