PT-2022-17025 · Typo3 · Varnishcache Extension

Torben Hansen · Published 2022-02-19 · Updated 2022-03-07 · CVE-2022-24979

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Varnishcache extension versions prior to 2.0.1 for TYPO3

Description: The Edge Site Includes (ESI) content element renderer component of the Varnishcache extension for TYPO3 does not include an access check. This allows an unauthenticated user to render various content elements, resulting in an insecure direct object reference (IDOR) that can expose internal content elements.

Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ESI content element renderer component to minimize the risk of exploitation.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2022-24979

Affected Products

Varnishcache Extension