CVE-2019-19712: Incorrect Default Permissions

December 17, 2019 (updated December 31, 2019)

Contao has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

References

contao.org/en/news.html
contao.org/en/security-advisories/information-disclosure-in-the-back-end.html
nvd.nist.gov/vuln/detail/CVE-2019-19712

Detect and mitigate CVE-2019-19712 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →