Unrated severityNVD Advisory· Published Feb 19, 2022· Updated Aug 3, 2024
CVE-2022-24979
CVE-2022-24979
Description
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- TYPO3/Varnishcachedescription
- Range: <2.0.1
Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- typo3.org/help/security-advisoriesmitrex_refsource_MISC
- typo3.org/security/advisory/typo3-ext-sa-2022-003mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.