Medium severityGHSA Advisory· Published Dec 13, 2023

Insecure Direct Object Reference in extension "Content Consent" (content_consent)

CVE-2023-50462

Description

The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference (IDOR) vulnerability with the potential to expose internal content elements.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
t3s/content-consentPackagist	>= 2.0.0, < 2.0.2	2.0.2
t3s/content-consentPackagist	< 1.0.3	1.0.3

Affected products

Packagist/Content ConsentGHSA
Range: < 1.0.3
Package: https://packagist.org/packages/t3s/content-consent

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-j8cw-ppmv-wj85ghsaADVISORY
github.com/FriendsOfPHP/security-advisories/blob/master/t3s/content-consent/CVE-2023-50462.yamlghsaWEB
typo3.org/security/advisory/typo3-ext-sa-2023-009ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000