CVE-2014-3946

NameCVE-2014-3946
DescriptionThe query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2942-1
Debian Bugs749215

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
typo3-srcsourcesqueeze(unfixed)end-of-life
typo3-srcsourcewheezy4.5.19+dfsg1-5+wheezy3DSA-2942-1
typo3-srcsource(unstable)4.5.34+dfsg1-1749215

Notes

[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
Search for package or bug name: Reporting problems