CVE-2024-24751: 
PHP vulnerability analysis and mitigation

A broken access control vulnerability was identified in the TYPO3 sf_event_mgt extension, tracked as CVE-2024-24751. The vulnerability was discovered in version 7.0.0 of the extension and was patched in version 7.4.0. The issue emerged during the extension's update to TYPO3 12.4, where the access control check for events in the backend module became ineffective due to an unhandled RedirectResponse from the $this->redirect() function (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Moderate severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-284 (Improper Access Control). The technical issue stems from a broken access control mechanism in the backend module where the RedirectResponse from the $this->redirect() function was not properly handled, potentially allowing unauthorized access to event information (GitHub Advisory).

The vulnerability could potentially lead to unauthorized access to event information in the TYPO3 backend. The CVSS metrics indicate that while the confidentiality impact is Low, there are no direct impacts on integrity or availability of the system (GitHub Advisory).

The vulnerability has been patched in version 7.4.0 of the sf_event_mgt extension. Users are advised to upgrade to this version or later to address the security issue (GitHub Advisory).