CVE-2024-38874

{"id": "CVE-2024-38874", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-06-21T07:15:10.200", "references": [{"url": "https://typo3.org/security/advisory/typo3-ext-sa-2024-003", "source": "cve@mitre.org"}, {"url": "https://typo3.org/security/advisory/typo3-ext-sa-2024-003", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en la extensi\u00f3n events2 (tambi\u00e9n conocida como Events 2) anterior a 8.3.8 y 9.x anterior a 9.0.6 para TYPO3. La falta de comprobaciones de acceso en el complemento de administraci\u00f3n genera una vulnerabilidad de referencia directa a objetos (IDOR) insegura con el potencial de activar o eliminar varios eventos para usuarios no autenticados."}], "lastModified": "2025-03-24T21:15:17.203", "sourceIdentifier": "cve@mitre.org"}