{"id":"CVE-2019-19712","details":"Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.","aliases":["GHSA-4mvc-qc5w-v5qr"],"modified":"2026-04-11T21:01:32.795602Z","published":"2019-12-17T14:15:18.153Z","references":[{"type":"ADVISORY","url":"https://contao.org/en/news.html"},{"type":"ADVISORY","url":"https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/contao/contao","events":[{"introduced":"da8a867d8335c4ca55e5085dac11f1fecd12650e"},{"last_affected":"0dae4caadb79f1581d1851d849955929318bc7d9"},{"introduced":"879e05ecc75a6bf70aabc1c3d867eb420f291f60"},{"last_affected":"e2234567e8a17ff151137c288b14591213652195"},{"introduced":"0"},{"last_affected":"84b2fe637d5ead531f117f26b48d1b9de8df4074"},{"last_affected":"a112b68dcb5215b01f2c4c4b8de6bcb3d3b9ae81"},{"last_affected":"dfb96f2755181aedb587e897316a656dd933df31"},{"last_affected":"afeedc98905a9dedd598f5a5814decc1ad1b008d"},{"last_affected":"b09b4d51d13d37b4bfcd2ef4314fc6a20184dc55"},{"last_affected":"c3e0c88e63095d83fd37fb96c4381de7658de4dc"},{"last_affected":"b4dda036c2c0fc7d17c1aa402eaacf6b5dc335fc"}],"database_specific":{"cpe":["cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","cpe:2.3:a:contao:contao:4.0:*:*:*:*:*:*:*","cpe:2.3:a:contao:contao:4.1:*:*:*:*:*:*:*","cpe:2.3:a:contao:contao:4.2:*:*:*:*:*:*:*","cpe:2.3:a:contao:contao:4.3:*:*:*:*:*:*:*","cpe:2.3:a:contao:contao:4.5:*:*:*:*:*:*:*","cpe:2.3:a:contao:contao:4.6:*:*:*:*:*:*:*","cpe:2.3:a:contao:contao:4.7:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"4.4.0"},{"last_affected":"4.4.45"},{"introduced":"4.8"},{"last_affected":"4.8.5"},{"introduced":"0"},{"last_affected":"4.0"},{"last_affected":"4.1"},{"last_affected":"4.2"},{"last_affected":"4.3"},{"last_affected":"4.5"},{"last_affected":"4.6"},{"last_affected":"4.7"}],"source":"CPE_FIELD"}}],"versions":["4.0.0","4.1.0","4.2.0","4.3.0","4.4.22","4.4.23","4.4.24","4.4.25","4.4.26","4.4.27","4.4.28","4.4.29","4.4.30","4.4.31","4.4.32","4.4.33","4.4.34","4.4.35","4.4.36","4.4.37","4.4.38","4.4.39","4.4.40","4.4.41","4.4.42","4.4.43","4.4.44","4.4.45","4.5.0","4.6.0","4.7.0","4.7.0-RC1","4.7.0-RC2","4.7.0-RC3","4.7.0-RC4","4.8.0","4.8.1","4.8.2","4.8.3","4.8.4","4.8.5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19712.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}