Component Type: TYPO3 Neos
Affected Versions: 1.1.0 to 1.1.2 and 1.2.0 to 1.2.2
Release Date: March 28, 2015
Vulnerability Type: Authentication Bypass
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
CVE: not assigned
Problem Description: It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged-in editors could access, create and modify content nodes that exist in the workspace of other editors.
Solution: Update to TYPO3 Neos version 1.1.3 or 1.2.3, which fix the problem described.
Credits: Thanks to Robert Lemke, who discovered the vulnerability, and to Andreas Förthner, who reported and fixed it.
Privilege Escalation in TYPO3 Neos
– Written by Karsten Dambekalns