Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TYPO3_CORE-SA-2024-005.NASL
HistoryFeb 13, 2024 - 12:00 a.m.

TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-005)

2024-02-1300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
typo3
web content management
php
gnu gpl
cve-2024-25120
elts
t3:// uri scheme

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

The version of TYPO3 installed on the remote host is prior to 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-005 advisory.

  • TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users’ permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. (CVE-2024-25120)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(190465);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  script_cve_id("CVE-2024-25120");

  script_name(english:"TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-005)");

  script_set_attribute(attribute:"synopsis", value:
"The remote webserver is affected by a vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of TYPO3 installed on the remote host is prior to 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 <
10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced
in the TYPO3-CORE-SA-2024-005 advisory.

  - TYPO3 is an open source PHP based web content management system released under the GNU GPL. The
    TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission
    scope. This encompassed files, folders, pages, and records (although only if a valid link-handling
    configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users
    are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS,
    13.0.1 that fix the problem described. There are no known workarounds for this issue. (CVE-2024-25120)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://typo3.org/security/advisory/typo3-core-sa-2024-005");
  script_set_attribute(attribute:"solution", value:
"Upgrade to TYPO3 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35, 12.4.11, 13.0.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-25120");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:typo3:typo3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("typo3_detect.nasl");
  script_require_keys("installed_sw/TYPO3", "www/PHP");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include('vcf.inc');
include('http.inc');

port = get_http_port(default:80, php:TRUE);
app_info = vcf::get_app_info(app:'TYPO3', port:port, webapp:TRUE);

var constraints = [
  { 'min_version' : '8.0.0', 'max_version' : '8.7.56', 'fixed_version' : '8.7.57', 'fixed_display' : '8.7.57 ELTS' },
  { 'min_version' : '9.0.0', 'max_version' : '9.5.45', 'fixed_version' : '9.5.46', 'fixed_display' : '9.5.46 ELTS' },
  { 'min_version' : '10.0.0', 'max_version' : '10.4.42', 'fixed_version' : '10.4.43', 'fixed_display' : '10.4.43 ELTS' },
  { 'min_version' : '11.0.0', 'max_version' : '11.5.34', 'fixed_version' : '11.5.35' },
  { 'min_version' : '12.0.0', 'max_version' : '12.4.10', 'fixed_version' : '12.4.11' },
  { 'fixed_version' : '13.0.1', 'equal' : '13.0.0' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);
VendorProductVersionCPE
typo3typo3cpe:/a:typo3:typo3

Related

nvd 1
cve 1
cvelist 1
github 1
prion 1
veracode 1
osv 1
freebsd 1
nessus 1
nvd
nvd
CVE-2024-25120
2024-02-13 23:15:08
cve
cve
CVE-2024-25120
2024-02-13 23:15:08
cvelist
cvelist
CVE-2024-25120 Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3
2024-02-13 22:15:13
github
github
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
2024-02-13 17:24:59
prion
prion
Design/Logic Flaw
2024-02-13 23:15:00
veracode
veracode
Improper Access Control
2024-02-14 09:33:17
osv
osv
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
2024-02-13 17:24:59
freebsd
freebsd
typo3-{11,12} -- multiple vulnerabilities
2024-02-13 00:00:00
nessus
nessus
FreeBSD : typo3-{11,12} -- multiple vulnerabilities (1ad3d264-e36b-11ee-9c27-40b034429ecf)
2024-03-17 00:00:00

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for TYPO3_CORE-SA-2024-005.NASL
nvd1cve1cvelist1github1prion1veracode1osv1freebsd1nessus1