CVSS Score
-

The vulnerability stems from improper cache key generation in Extbase's query caching mechanism. The root cause is that cache identifiers did not include the user group context, which allowed data to leak across groups. Two functions are directly implicated: `Typo3DbBackend::getCacheIdentifier`, which generates the cache keys, and `Query::execute`, which executes and caches queries. These functions would have been patched to include user group information in the cache key, consistent with the vulnerability description and its resolution in TYPO3 6.2.3.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 6.2.0, < 6.2.3 | 6.2.3 |
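
The root cause described above, as an added PHP example that is not TYPO3/Extbase source code or the actual patch: a query cache keyed only on the statement and parameters, next to a key that also includes the caller's user groups. The class, function names and sample records are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration: hypothetical names, not TYPO3/Extbase source code.

final class QueryCache
{
    private array $entries = [];

    /** Return the cached rows for $key, running the query only on a miss. */
    public function fetch(string $key, callable $runQuery): array
    {
        return $this->entries[$key] ??= $runQuery();
    }
}

/** Weak form: the key is built from the statement and parameters only. */
function weakKey(string $sql, array $params): string
{
    return hash('sha256', json_encode([$sql, $params]));
}

/** Hardened form: the caller's user groups (normalized, sorted) are part of the key. */
function groupAwareKey(string $sql, array $params, array $groupIds): string
{
    $groupIds = array_values(array_unique(array_map('intval', $groupIds)));
    sort($groupIds, SORT_NUMERIC);
    return hash('sha256', json_encode([$sql, $params, $groupIds]));
}

// Constructed sample data: 'group' is the group allowed to read the row (0 = public).
$records = [
    ['title' => 'Public news', 'group' => 0],
    ['title' => 'Staff memo', 'group' => 7],
];
// Stand-in for the access-filtered database query.
$visibleTo = fn(array $groups): array => array_column(
    array_filter($records, fn($r) => $r['group'] === 0 || in_array($r['group'], $groups, true)),
    'title'
);
$sql = 'SELECT title FROM news';

// Weak key: a request without groups reuses the entry stored by the group-7 request.
$weak = new QueryCache();
$weak->fetch(weakKey($sql, []), fn() => $visibleTo([7]));
print_r($weak->fetch(weakKey($sql, []), fn() => $visibleTo([])));

// Group-aware key: each group set gets its own entry, so the query runs again.
$safe = new QueryCache();
$safe->fetch(groupAwareKey($sql, [], [7]), fn() => $visibleTo([7]));
print_r($safe->fetch(groupAwareKey($sql, [], []), fn() => $visibleTo([])));
```

Sorting and de-duplicating the group IDs before hashing keeps the key stable for the same set of groups regardless of the order in which they are supplied.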