CVE-2014-3946

medium

Description

The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.

References

http://www.openwall.com/lists/oss-security/2014/06/03/2

http://www.debian.org/security/2014/dsa-2942

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

Details

Source: Mitre, NVD

Published: 2014-06-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00151