http://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692013-11-29T13:25:40ZTYPO3 ForgeTYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920692013-11-29T13:25:40ZChristian Kuhnlolli@schwarzbu.ch
<ul></ul><p>scenario:</p>
<p>ext:datasources must be installed, then some non-admin can "dump" the data of any row of this table via checkconnectionwiz.</p>
<p>it is not possible to dump an arbitrary table, and also this does not work if adodb or datasources is not installed.</p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920712013-11-29T13:37:04ZChristian Kuhnlolli@schwarzbu.ch
<ul></ul><p>Strategy:<br />Remove all this "connection" code that depends on ext:datasources in 6.2. For versions below, the script is sanitized a bit better with a "if not be_user is admin -> die" or similar.</p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920732013-11-29T13:50:39ZChristian Kuhnlolli@schwarzbu.ch
<ul><li><strong>Project</strong> changed from <i>1716</i> to <i>TYPO3 Core</i></li><li><strong>Category</strong> deleted (<del><i>T3-03: Information Disclosure</i></del>)</li></ul><p>Since the attack vector is very low, this issue is opened and goes through the regular review process now.</p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920782013-11-29T14:21:15ZGerrit Code Review
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Under Review</i></li></ul><p>Patch set 1 for branch <strong>master</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/25759">https://review.typo3.org/25759</a></p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920882013-11-29T16:18:08ZGerrit Code Review
<ul></ul><p>Patch set 1 for branch <strong>TYPO3_4-5</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/25760">https://review.typo3.org/25760</a></p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920892013-11-29T16:20:44ZGerrit Code Review
<ul></ul><p>Patch set 1 for branch <strong>TYPO3_4-7</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/25761">https://review.typo3.org/25761</a></p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920902013-11-29T16:24:18ZGerrit Code Review
<ul></ul><p>Patch set 1 for branch <strong>TYPO3_6-0</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/25762">https://review.typo3.org/25762</a></p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920912013-11-29T16:25:05ZGerrit Code Review
<ul></ul><p>Patch set 1 for branch <strong>TYPO3_6-1</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/25763">https://review.typo3.org/25763</a></p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920972013-11-29T16:56:18ZGerrit Code Review
<ul></ul><p>Patch set 2 for branch <strong>TYPO3_6-1</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/25763">https://review.typo3.org/25763</a></p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920982013-11-29T16:57:07ZGerrit Code Review
<ul></ul><p>Patch set 2 for branch <strong>TYPO3_6-0</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/25762">https://review.typo3.org/25762</a></p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1920992013-11-29T16:57:38ZGerrit Code Review
<ul></ul><p>Patch set 2 for branch <strong>TYPO3_4-7</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/25761">https://review.typo3.org/25761</a></p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1921002013-11-29T16:58:14ZGerrit Code Review
<ul></ul><p>Patch set 2 for branch <strong>TYPO3_4-5</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/25760">https://review.typo3.org/25760</a></p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=1921062013-11-29T17:30:25ZChristian Kuhnlolli@schwarzbu.ch
<ul><li><strong>Status</strong> changed from <i>Under Review</i> to <i>Resolved</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="[BUGFIX] ext:adodb Restrict connection wizard to admins In the unlikely case ext:datasources is ..." href="http://forge.typo3.org/projects/typo3cms-core/repository/1749/revisions/309e93ac50baa1d3db323cb21fc2f57f0d550b0b">309e93ac50baa1d3db323cb21fc2f57f0d550b0b</a>.</p> TYPO3 Core - Bug #42651: Information disclosure in adodb/http://forge.typo3.org/issues/42651?journal_id=3846252018-10-02T12:16:50ZBenni Mackbenni@typo3.org
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul>