First published: Tue Dec 17 2019
### Impact

Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

### Patches

Update to Contao 4.4.46 or 4.8.6.

### Workarounds

None.

### References

https://contao.org/en/security-advisories/information-disclosure-in-the-back-end

### For more information

If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix |
---|---|---|
composer/contao/core-bundle | >=4.0.0 <4.4.46, >=4.5.0 <4.6.0, >=4.6.0 <4.7.0, >=4.7.0 <4.8.0, >=4.8.0 <4.8.6 | |
composer/contao/contao | >=4.0.0 <4.4.46, >=4.5.0 <4.6.0, >=4.6.0 <4.7.0, >=4.7.0 <4.8.0, >=4.8.0 <4.8.6 | |
composer/contao/core-bundle | >=4.5.0 <4.8.6 | 4.8.6 |
composer/contao/core-bundle | >=4.0.0 <4.4.46 | 4.4.46 |
Contao Contao | >=4.4.0 <=4.4.45 | |
Contao Contao | >=4.8 <=4.8.5 | |
Contao Contao | =4.0 | |
Contao Contao | =4.1 | |
Contao Contao | =4.2 | |
Contao Contao | =4.3 | |
Contao Contao | =4.5 | |
Contao Contao | =4.6 | |
Contao Contao | =4.7 | |
composer/contao/contao | >=4.5.0 <4.8.6 | 4.8.6 |
composer/contao/contao | >=4.0.0 <4.4.46 | 4.4.46 |
Backend users can manipulate the details view URL to show pages and articles that have not been enabled for them.
Update to Contao 4.4.46 or 4.8.6.
No, there are no workarounds available.
The severity rating of CVE-2019-19712 is medium, with a severity value of 5.3.
You can find more information about CVE-2019-19712 on the Contao security advisory page, the GitHub advisory page, and the NVD website.