Lucene search

K

Veracode Vulnerability DatabaseVERACODE:45482

HistoryFeb 14, 2024 - 9:33 a.m.

Improper Access Control

2024-02-1409:33:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

typo3

vulnerability

access control

resources

backend user

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0

Percentile

15.5%

TYPO3 is vulnerable to Improper Access Control. The vulnerability is due to a improper access control. An attacker can access resources outside there permission scope by utilizing the TYPO3-specific t3:// URI scheme. This allows users to access resources such as files, folders, pages, and records. Exploiting this vulnerability requires a valid backend user account.

References

docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references

github.com/advisories/GHSA-wf85-8hx9-gj7c

github.com/TYPO3-CMS/core/commit/0f1ae3add1b260a9233cae7b9f23efcffc8c99d9

github.com/TYPO3-CMS/core/commit/a3190e292703997f78a16d2be1c0314c5f24b9bb

github.com/TYPO3-CMS/core/commit/b50eebe478d80aae617572cd5960d5acccc0a61e

github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c

typo3.org/security/advisory/typo3-core-sa-2024-005

typo3.org/security/advisory/typo3-core-sa-2024-006

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0

Percentile

15.5%

Related for VERACODE:45482

prion1 github1 cve1 vulnrichment1 nessus2 cvelist1 nvd1 osv1 freebsd1