{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-44543", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T13:54:03.938Z", "dateReserved": "2022-11-01T00:00:00.000Z", "datePublished": "2023-12-12T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-12-12T16:48:22.206Z"}, "descriptions": [{"lang": "en", "value": "The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://typo3.org/help/security-advisories"}, {"url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-015"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:54:03.938Z"}, "title": "CVE Program Container", "references": [{"url": "https://typo3.org/help/security-advisories", "tags": ["x_transferred"]}, {"url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-015", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*", "matchCriteriaId": "E0EAE8E8-47BE-4D35-BE8C-530CC4668BF2", "versionEndExcluding": "5.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*", "matchCriteriaId": "93866A98-CFC8-4CFB-B227-CA98ADEA8FEC", "versionEndExcluding": "6.3.3", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:in2code:femanager:7.0.0:*:*:*:*:typo3:*:*", "matchCriteriaId": "ADE46436-77C4-4E8E-A3DF-1C26D55B8F69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled."}, {"lang": "es", "value": "La extensi\u00f3n femanager anterior a 5.5.2, 6.x anterior a 6.3.3 y 7.x anterior a 7.0.1 para TYPO3 permite la creaci\u00f3n de usuarios frontend en grupos restringidos (si hay un campo de grupo de usuarios en el formulario de registro). Esto ocurre porque el mecanismo de protecci\u00f3n usergroup.inList no se maneja correctamente."}], "id": "CVE-2022-44543", "lastModified": "2024-11-21T07:28:06.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-12T17:15:07.663", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://typo3.org/help/security-advisories"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://typo3.org/help/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-015"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}