Information Disclosure in TYPO3 CMS

2024-06-0516:43:50

GitHub Advisory Database

github.com

information disclosure

typo3 cms

user permission

file storages

editors

knowledge

protected storages

folders

file collection

frontend

backend user account

vulnerability

7.2 High

AI Score

Confidence

Low

JSON

Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<8.7.5

typo3cms_poll_system_extensionRange<7.6.22

CPENameOperatorVersion
typo3/cmslt8.7.5
typo3/cmslt7.6.22

CPE	Name	Operator	Version
	typo3/cms	lt	8.7.5
	typo3/cms	lt	7.6.22

References

github.com/advisories/GHSA-g46h-v2cc-6c94

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-2.yaml

typo3.org/security/advisory/typo3-core-sa-2017-005

7.2 High

AI Score

Confidence

Low

JSON