admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-11-10 16:00:58 +00:00
parent 233de2bd66
commit 5ca1b34465
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
14 changed files with 882 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
2020/12xxx/CVE-2020-12488.json
View File

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.vivo.com/en/support/security-advisory-detail?id=5",
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvss": {
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"attackComplexity": "LOW",
"scope": "UNCHANGED",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"integrityImpact": "NONE",
"baseScore": 5.5,
"privilegesRequired": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"userInteraction": "REQUIRED",
"version": "3.1"
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jovi Smart Scene",
"version": {
"version_data": [
{
"version_value": "all",
"version_name": "6.2.2.52",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "vivo"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-03-23T16:00:00.000Z",
"ASSIGNER": "security@vivo.com",
"STATE": "PUBLIC",
"TITLE": "Broken Access Control Vulnerability in Jovi Smart Scene",
"ID": "CVE-2020-12488"
}
}

5
2020/17xxx/CVE-2020-17049.json
View File

@ -117,6 +117,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17049",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17049"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211110 Fwd: Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download",
"url": "http://www.openwall.com/lists/oss-security/2021/11/10/3"
}
]
}

75
2021/40xxx/CVE-2021-40501.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP ABAP Platform Kernel",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.77"
},
{
"version_name": "<",
"version_value": "7.81"
},
{
"version_name": "<",
"version_value": "7.85"
},
{
"version_name": "<",
"version_value": "7.86"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3099776",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3099776"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
}
]
}

75
2021/40xxx/CVE-2021-40502.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40502",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Commerce",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "2105.3"
},
{
"version_name": "<",
"version_value": "2011.13"
},
{
"version_name": "<",
"version_value": "2005.18"
},
{
"version_name": "<",
"version_value": "1905.34"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from B2B units they do not belong to."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3110328",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3110328"
}
]
}

67
2021/40xxx/CVE-2021-40503.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP GUI for Windows",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "< 7.60 PL13"
},
{
"version_name": "<",
"version_value": "7.70 PL4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3080106",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3080106"
}
]
}

119
2021/40xxx/CVE-2021-40504.json
View File

@ -4,14 +4,127 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "700"
},
{
"version_name": "<",
"version_value": "701"
},
{
"version_name": "<",
"version_value": "702"
},
{
"version_name": "<",
"version_value": "710"
},
{
"version_name": "<",
"version_value": "711"
},
{
"version_name": "<",
"version_value": "730"
},
{
"version_name": "<",
"version_value": "731"
},
{
"version_name": "<",
"version_value": "740"
},
{
"version_name": "<",
"version_value": "750"
},
{
"version_name": "<",
"version_value": "751"
},
{
"version_name": "<",
"version_value": "752"
},
{
"version_name": "<",
"version_value": "753"
},
{
"version_name": "<",
"version_value": "754"
},
{
"version_name": "<",
"version_value": "755"
},
{
"version_name": "<",
"version_value": "756"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3105728",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3105728"
}
]
}

61
2021/40xxx/CVE-2021-40518.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Airangel HSMX Gateway devices through 5.2.04 allow CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://airangel.com/hsmx-gateway/",
"refsource": "MISC",
"name": "https://airangel.com/hsmx-gateway/"
},
{
"refsource": "MISC",
"name": "http://etizazmohsin.com/hsmx.html#csrf",
"url": "http://etizazmohsin.com/hsmx.html#csrf"
}
]
}

61
2021/40xxx/CVE-2021-40519.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://airangel.com/hsmx-gateway/",
"refsource": "MISC",
"name": "https://airangel.com/hsmx-gateway/"
},
{
"refsource": "MISC",
"name": "http://etizazmohsin.com/hsmx.html#database",
"url": "http://etizazmohsin.com/hsmx.html#database"
}
]
}

61
2021/40xxx/CVE-2021-40521.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://airangel.com/hsmx-gateway/",
"refsource": "MISC",
"name": "https://airangel.com/hsmx-gateway/"
},
{
"refsource": "MISC",
"name": "http://etizazmohsin.com/hsmx.html#rce",
"url": "http://etizazmohsin.com/hsmx.html#rce"
}
]
}

66
2021/41xxx/CVE-2021-41426.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41426",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox/",
"refsource": "MISC",
"name": "https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox/"
},
{
"url": "https://youtu.be/WtcyIVImcwc",
"refsource": "MISC",
"name": "https://youtu.be/WtcyIVImcwc"
},
{
"url": "https://youtu.be/HL73yOW7YWU?t=540",
"refsource": "MISC",
"name": "https://youtu.be/HL73yOW7YWU?t=540"
}
]
}

66
2021/41xxx/CVE-2021-41427.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41427",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox/",
"refsource": "MISC",
"name": "https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox/"
},
{
"url": "https://youtu.be/CbWI-JQteRo",
"refsource": "MISC",
"name": "https://youtu.be/CbWI-JQteRo"
},
{
"url": "https://youtu.be/HL73yOW7YWU?t=520",
"refsource": "MISC",
"name": "https://youtu.be/HL73yOW7YWU?t=520"
}
]
}

71
2021/42xxx/CVE-2021-42062.json
View File

@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP ERP HCM Portugal",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "600"
},
{
"version_name": "<",
"version_value": "604"
},
{
"version_name": "<",
"version_value": "608"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3104456",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3104456"
}
]
}

62
2021/43xxx/CVE-2021-43563.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-017",
"refsource": "MISC",
"name": "https://typo3.org/security/advisory/typo3-ext-sa-2021-017"
}
]
}
}

62
2021/43xxx/CVE-2021-43564.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-018",
"refsource": "MISC",
"name": "https://typo3.org/security/advisory/typo3-ext-sa-2021-018"
}
]
}
}