VulnerableCode Vulnerability Details - VCID-q1s5-yzxr-9ud5

Search for vulnerabilities

Vulnerability details: VCID-q1s5-yzxr-9ud5

Essentials
Severities (8)
References (15)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-q1s5-yzxr-9ud5
Aliases	CVE-2014-3946 GHSA-vccp-5v5h-p8m6
Summary	Typo3 Information Disclosure Failing to respect user groups of logged in users when caching queries, Extbase is susceptible to information disclosure. The query caching (introduced in Extbase 6.2) used to cache queries that query results for a specific user group were presented to a different group.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00151	https://api.first.org/data/v1/epss?cve=CVE-2014-3946
generic_textual	MODERATE	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3946.yaml
generic_textual	MODERATE	https://github.com/TYPO3/typo3
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-3946
generic_textual	MODERATE	https://typo3.org/security/advisory/typo3-core-sa-2014-001
generic_textual	MODERATE	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
generic_textual	MODERATE	http://www.debian.org/security/2014/dsa-2942
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2014/06/03/2

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2014-3946
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946
		https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3946.yaml
		https://github.com/TYPO3/typo3
		https://nvd.nist.gov/vuln/detail/CVE-2014-3946
		https://typo3.org/security/advisory/typo3-core-sa-2014-001
		https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
		http://www.debian.org/security/2014/dsa-2942
		http://www.openwall.com/lists/oss-security/2014/06/03/2
GHSA-vccp-5v5h-p8m6		https://github.com/advisories/GHSA-vccp-5v5h-p8m6

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.36606
EPSS Score	0.00151
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:30:26.276178+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vccp-5v5h-p8m6/GHSA-vccp-5v5h-p8m6.json	36.1.3