CVE-2021-43564

Name of the Vulnerable Software and Affected Versions jobfair extension versions prior to 1.0.13 jobfair extension versions 2.x prior to 2.0.2

Description An issue was discovered in the jobfair extension for TYPO3, where the extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files, for example, uploads/tx jobfair/cv.pdf.

Recommendations For versions prior to 1.0.13, update to version 1.0.13 or later. For versions 2.x prior to 2.0.2, update to version 2.0.2 or later. As a temporary workaround, consider restricting access to the uploads/tx jobfair directory to minimize the risk of exploitation.