CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence: High
EPSS
Percentile: 15.5%
TYPO3 is vulnerable to improper access control. An attacker can access resources outside their permission scope by using the TYPO3-specific t3:// URI scheme. This allows users to access resources such as files, folders, pages, and records. Exploiting this vulnerability requires a valid backend user account.
docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references
github.com/advisories/GHSA-wf85-8hx9-gj7c
github.com/TYPO3-CMS/core/commit/0f1ae3add1b260a9233cae7b9f23efcffc8c99d9
github.com/TYPO3-CMS/core/commit/a3190e292703997f78a16d2be1c0314c5f24b9bb
github.com/TYPO3-CMS/core/commit/b50eebe478d80aae617572cd5960d5acccc0a61e
github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c
typo3.org/security/advisory/typo3-core-sa-2024-005
typo3.org/security/advisory/typo3-core-sa-2024-006