CVE-2024-34358

2024-05-1416:17:25

CWE-200

CWE-347

GitHub_M

web.nvd.nist.gov

typo3

showimagecontroller

cryptographic hmac-signature

vulnerability

nvd

arbitrary number of thumbnail images

server side

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.2

Confidence

High

EPSS

Percentile

15.5%

JSON

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the ShowImageController (_eID tx_cms_showpic_) lacks a cryptographic HMAC-signature on the frame HTTP query parameter (e.g. /index.php?eID=tx_cms_showpic?file=3&...&frame=12345). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described.

Affected configurations

Vulners

Vulnrichment

Node

typo3typo3Range9.0.0–9.5.48

typo3typo3Range10.0.0–10.4.45

typo3typo3Range11.0.0–11.5.37

typo3typo3Range12.0.0–12.4.15

typo3typo3Range13.0.0–13.1.1

VendorProductVersionCPE
typo3typo3*cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3	*	cpe:2.3:a:typo3:typo3::::::::

CNA Affected

[
  {
    "vendor": "TYPO3",
    "product": "typo3",
    "versions": [
      {
        "version": ">= 9.0.0, < 9.5.48",
        "status": "affected"
      },
      {
        "version": ">= 10.0.0, < 10.4.45",
        "status": "affected"
      },
      {
        "version": ">= 11.0.0, < 11.5.37",
        "status": "affected"
      },
      {
        "version": ">= 12.0.0, < 12.4.15",
        "status": "affected"
      },
      {
        "version": ">= 13.0.0, < 13.1.1",
        "status": "affected"
      }
    ]
  }
]