TYPO3 Broken Access Control in Localization Handling

2024-06-0717:15:33

CWE-285

GitHub Advisory Database

github.com

typo3

broken access control

localization

backend users

vulnerability

7 High

AI Score

Confidence

Low

JSON

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<8.7.23

CPENameOperatorVersion
typo3/cmslt8.7.23

CPE	Name	Operator	Version
	typo3/cms	lt	8.7.23

References

github.com/advisories/GHSA-772m-43f3-hmf8

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-3.yaml

github.com/TYPO3/typo3/commit/5004201ee77a69cb825637bc95cdeedb1186f4d4

typo3.org/security/advisory/typo3-core-sa-2019-003

7 High

AI Score

Confidence

Low

JSON