Security Advisory

CVE-2021-43564

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-10 15:04:20

Last updated 2024-08-04 04:03:08

Assigner mitre

State PUBLISHED

Description

An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).

← Browse all CVEs View on cve.org ↗