Typo3 Information Disclosure in Backend User Interface

2024-06-0517:10:08

GitHub Advisory Database

github.com

typo3

information disclosure

backend ui

element info

record refs

user permissions

vulnerability

software

6.7 Medium

AI Score

Confidence

Low

JSON

The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this vulnerability.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<9.5.8

typo3cms_poll_system_extensionRange<8.7.27

CPENameOperatorVersion
typo3/cmslt9.5.8
typo3/cmslt8.7.27

CPE	Name	Operator	Version
	typo3/cms	lt	9.5.8
	typo3/cms	lt	8.7.27

References

github.com/advisories/GHSA-q9c4-9v5m-597p

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-1.yaml

typo3.org/security/advisory/typo3-core-sa-2019-014

6.7 Medium

AI Score

Confidence

Low

JSON