{"id":"GHSA-3p9x-xxx6-2w4p","summary":"Broken Access Control in 3rd party TYPO3 extension \"femanager\"","details":"A missing access check in the `InvitationController` allows an unauthenticated user to delete all frontend users.","aliases":["CVE-2023-25014"],"modified":"2023-11-08T04:11:49.849622Z","published":"2023-02-02T03:30:23Z","database_specific":{"nvd_published_at":"2023-02-02T01:15:00Z","github_reviewed":true,"github_reviewed_at":"2023-02-08T00:23:30Z","cwe_ids":["CWE-306"],"severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25014"},{"type":"PACKAGE","url":"https://github.com/in2code-de/femanager"},{"type":"WEB","url":"https://typo3.org/security/advisory/typo3-ext-sa-2023-001"}],"affected":[{"package":{"name":"in2code/femanager","ecosystem":"Packagist","purl":"pkg:composer/in2code/femanager"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.3"}]}],"versions":["2.5.0","2.5.1","2.6.0","2.6.1","2.6.2","2.7.0","3.0.0","3.0.1","3.0.2","3.1.0","3.1.1","3.1.2","3.1.3","3.2.0","3.3.0","4.0.0","4.0.1","4.0.2","4.1.0","4.1.1","4.2.0","4.2.1","4.2.2","4.2.3","4.2.4","4.2.5","5.0.0","5.1.0","5.1.1","5.2.0","5.3.0","5.3.1","5.4.0","5.4.1","5.4.2","5.5.0","5.5.1","5.5.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-3p9x-xxx6-2w4p/GHSA-3p9x-xxx6-2w4p.json"}},{"package":{"name":"in2code/femanager","ecosystem":"Packagist","purl":"pkg:composer/in2code/femanager"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.0.0"},{"fixed":"6.3.4"}]}],"versions":["6.0.0","6.0.1","6.1.0","6.1.1","6.1.2","6.2.0","6.2.1","6.3.0","6.3.1","6.3.2","6.3.3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-3p9x-xxx6-2w4p/GHSA-3p9x-xxx6-2w4p.json"}},{"package":{"name":"in2code/femanager","ecosystem":"Packagist","purl":"pkg:composer/in2code/femanager"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"7.0.0"},{"fixed":"7.1.0"}]}],"versions":["7.0.0","7.0.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-3p9x-xxx6-2w4p/GHSA-3p9x-xxx6-2w4p.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"}]}