Privilege Escalation in TYPO3 CMS

2024-06-0514:18:58

CWE-269

GitHub Advisory Database

github.com

privilege escalation

typo3 cms

workspace link

admin panel

vulnerability

6.8 Medium

AI Score

Confidence

Low

JSON

The workspace/ version preview link created by a privileged (backend) user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<8.0.1

typo3cms_poll_system_extensionRange<7.6.5

typo3cms_poll_system_extensionRange<6.2.20

CPENameOperatorVersion
typo3/cmslt8.0.1
typo3/cmslt7.6.5
typo3/cmslt6.2.20

Name	Operator	Version
typo3/cms	lt	8.0.1
typo3/cms	lt	7.6.5
typo3/cms	lt	6.2.20

References

github.com/advisories/GHSA-v5jp-4h2p-j2p4

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-04-12-4.yaml

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-012

6.8 Medium

AI Score

Confidence

Low

JSON