Main Vulnerability Database Vulnerabilities #VU46245

Information disclosure in Event management and registration - CVE-2020-25026

Published: September 3, 2020

Vulnerability identifier: #VU46245

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-25026

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Event management and registration

Software vendor:
Torben Hansen

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a missing access check in the backend module. A remote autuenticated attacker can export participant data for events which the user does not have access to and gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://typo3.org/help/security-advisories
https://typo3.org/security/advisory/typo3-ext-sa-2020-017

Information disclosure in Event management and registration - CVE-2020-25026

Description

Remediation

External links

Please verify you're human