Lucene search

GitHub Advisory DatabaseGHSA-WF85-8HX9-GJ7C

HistoryFeb 13, 2024 - 5:24 p.m.

TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme

2024-02-1317:24:59

CWE-200

CWE-284

GitHub Advisory Database

github.com

typo3

uri scheme

access control

vulnerability

update

elts

lts

security advisory

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Problem

The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users’ permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account.

Solution

Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described.

Credits

Thanks to Richie Lee who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue.

References

TYPO3-CORE-SA-2024-005

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionMatch13.0.0

typo3cms_poll_system_extensionRange≤12.4.10

typo3cms_poll_system_extensionRange≤11.5.34

typo3cms_poll_system_extensionRange≤10.4.42

typo3cms_poll_system_extensionRange≤9.5.45

typo3cms_poll_system_extensionRange≤8.7.56

CPENameOperatorVersion
typo3/cms-coreeq13.0.0
typo3/cms-corele12.4.10
typo3/cms-corele11.5.34
typo3/cms-corele10.4.42
typo3/cms-corele9.5.45
typo3/cms-corele8.7.56