PT-2021-23871 · Typo3 · Pixxio Extension

Alexander Sidukov +4 · Published 2021-11-10 · Updated 2022-07-12

CVE-2021-43563

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

pixxio extension versions prior to 1.0.6 for TYPO3

Description

Access control in the bundled media browser of the pixxio extension is broken. This allows an unauthenticated attacker to perform requests to the pixx.io API as the configured API user, enabling the download of various media files from the DAM system.

Recommendations

For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the bundled media browser to prevent unauthorized requests to the pixx.io API.

Fix


Related Identifiers

CVE-2021-43563

Affected Products

Pixxio Extension