PT-2014-5626 · Typo3

Jan Kiesewetter · Published 2014-06-03 · Updated 2022-05-17

CVE-2014-3946 · CVSS v2.0 4.0 (Medium) · Vector AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 6.2.0 through 6.2.2

Description: The query caching functionality in the Extbase Framework component of TYPO3 does not properly validate group permissions. The query cache, introduced with Extbase in TYPO3 6.2, does not take the frontend user groups of the logged-in user into account, so query results computed for one user group can be served from the cache to a user in a different group. A remote authenticated user can thereby obtain records that the group restriction would otherwise withhold from them. The impact is limited to information disclosure; integrity and availability are not affected (I:N/A:N in the vector above).

Recommendations: For TYPO3 versions 6.2.0 through 6.2.2, update to version 6.2.3 or later, which fixes the issue. If the update cannot be applied immediately, disable the query caching functionality of the Extbase Framework component as a stopgap, so that every request evaluates its group restrictions afresh (at the cost of the performance gain the cache was introduced for). Until the update is in place, avoid exposing group-restricted records through Extbase-based frontend plugins, and treat such records on affected sites as potentially readable by other logged-in users.
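The flaw is easiest to see in a cache whose key is derived from the query alone. The following Python model was added for this page and is not TYPO3 or Extbase code; the sample table, the group IDs, the `fe_group` column and the query text are constructed for the illustration. With `key_includes_groups=False` a result computed for a member of groups 1 and 2 is served unchanged to an anonymous visitor who runs the same query; with the requesting user's group set folded into the key, each group gets its own cache entry.

```python
"""Added illustration of the CVE-2014-3946 failure mode: a query cache whose
key ignores the requesting user's frontend groups.  Stand-alone model written
for this page, not TYPO3 or Extbase code."""
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample table.  "fe_group" lists the frontend user group IDs that
# may read the record; an empty list means the record is public.
ROWS = [
    {"uid": 1, "title": "public news",   "fe_group": []},
    {"uid": 2, "title": "member news",   "fe_group": [1]},
    {"uid": 3, "title": "board minutes", "fe_group": [2]},
]


def visible_rows(groups):
    """Apply the group restriction: the rows this user is allowed to read."""
    groups = set(groups)
    return [r for r in ROWS if not r["fe_group"] or set(r["fe_group"]) & groups]


@dataclass
class QueryCache:
    """Caches query results.  key_includes_groups=False reproduces the flaw."""
    key_includes_groups: bool
    store: dict = field(default_factory=dict)
    hits: int = 0

    def cache_key(self, query, groups):
        parts = {"query": query}
        if self.key_includes_groups:
            # Hardened variant: the requesting user's group set is part of the
            # key, so users in different groups never share a cached result.
            parts["groups"] = sorted(set(groups))
        return hashlib.sha256(json.dumps(parts, sort_keys=True).encode()).hexdigest()

    def find(self, query, groups):
        key = self.cache_key(query, groups)
        if key in self.store:
            self.hits += 1
            return self.store[key]
        # Cache miss: evaluate the query under the caller's restrictions and
        # remember the result.  (The toy ignores the SQL text itself.)
        result = visible_rows(groups)
        self.store[key] = result
        return result


def demo(key_includes_groups):
    """Two users run the same query; returns (board uids, anonymous uids, hits)."""
    cache = QueryCache(key_includes_groups)
    query = "SELECT * FROM tx_news WHERE deleted=0"  # hypothetical query text
    board = cache.find(query, groups=[1, 2])  # member of both groups warms the cache
    anon = cache.find(query, groups=[])       # anonymous visitor, same query
    return ([r["uid"] for r in board], [r["uid"] for r in anon], cache.hits)


if __name__ == "__main__":
    print("vulnerable:", demo(False))  # ([1, 2, 3], [1, 2, 3], 1): anonymous sees everything
    print("fixed:     ", demo(True))   # ([1, 2, 3], [1], 0): anonymous sees the public row only
```

The general rule the model illustrates: a cache key must cover every input that influences the cached value, and the caller's authorization context (here the frontend user group set) is such an input whenever the restriction is applied before the result is stored. Keying on the group set lowers the hit rate; the alternative is to cache only the unrestricted result and apply the group restriction after every fetch, which keeps one entry per query but never lets a restricted row leave the cache unfiltered.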

Weakness Enumeration

Information Disclosure

Related Identifiers

CVE-2014-3946
DSA-2942-1
GHSA-VCCP-5V5H-P8M6

Affected Products

Extbase Framework
Typo3