Nikita Hovratov

**Name of the Vulnerable Software and Affected Versions** jobfair extension versions prior to 1.0.13 jobfair extension versions 2.x prior to 2.0.2 **Description** An issue was discovered in the jobfair extension for TYPO3, where the extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files, for example, `uploads/tx jobfair/cv.pdf`. **Recommendations** For versions prior to 1.0.13, update to version 1.0.13 or later. For versions 2.x prior to 2.0.2, update to version 2.0.2 or later. As a temporary workaround, consider restricting access to the `uploads/tx jobfair` directory to minimize the risk of exploitation.