An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).
References
Link | Resource |
---|---|
https://typo3.org/security/advisory/typo3-ext-sa-2021-018 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-10T15:04:20
Updated: 2021-11-10T15:04:20
Reserved: 2021-11-09T00:00:00
Link: CVE-2021-43564
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-10T16:15:09.397
Modified: 2022-06-28T14:11:45.273
Link: CVE-2021-43564
JSON object: View
Redhat Information
No data.
CWE