{ "schema_version": "1.4.0", "id": "GHSA-7gpw-frph-fwrg", "modified": "2023-02-08T21:57:03Z", "published": "2022-12-14T21:30:16Z", "aliases": [ "CVE-2022-47407" ], "summary": "TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension \"Master-Quiz\" (fp_masterquiz)", "details": "An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "affected": [ { "package": { "ecosystem": "Packagist", "name": "fixpunkt/fp-masterquiz" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "3.0.0" }, { "fixed": "3.5.2" } ] } ] }, { "package": { "ecosystem": "Packagist", "name": "fixpunkt/fp-masterquiz" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.2.1" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47407" }, { "type": "WEB", "url": "https://github.com/bihor/fp_masterquiz/commit/f6f1baa594334c629637f5b87478ae31cdcaaa09" }, { "type": "WEB", "url": "https://github.com/bihor/fp_masterquiz/commit/fce4ec64600df3f38cacc9a86ba2bd063a51e140" }, { "type": "WEB", "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/fixpunkt/fp-masterquiz/CVE-2022-47407.yaml" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-018" } ], "database_specific": { "cwe_ids": [ "CWE-284" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-02-08T21:57:03Z", "nvd_published_at": "2022-12-14T21:15:00Z" } }