CVE-2023-50462: Insecure Direct Object Reference in extension "Content Consent" (content_consent)

December 13, 2023

The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference (IDOR) vulnerability with the potential to expose internal content elements.

References

github.com/FriendsOfPHP/security-advisories/blob/master/t3s/content-consent/CVE-2023-50462.yaml
github.com/advisories/GHSA-j8cw-ppmv-wj85
typo3.org/security/advisory/typo3-ext-sa-2023-009

Detect and mitigate CVE-2023-50462 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →