Information Disclosure in TYPO3 CMS

2024-06-0516:43:50

Google

osv.dev

information disclosure

typo3 cms

user permission

file collection

backend user account

7.2 High

AI Score

Confidence

Low

JSON

Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

CPENameOperatorVersion
typo3/cmseq7.6.20
typo3/cmseq8.1.2
typo3/cmseq7.6.17
typo3/cmseq8.5.1
typo3/cmseq8.6.1
typo3/cmseq7.6.4
typo3/cmseq8.0.0
typo3/cmseq8.2.0
typo3/cmseq8.2.1
typo3/cmseq8.1.1

Name	Operator	Version
typo3/cms	eq	7.6.20
typo3/cms	eq	8.1.2
typo3/cms	eq	7.6.17
typo3/cms	eq	8.5.1
typo3/cms	eq	8.6.1
typo3/cms	eq	7.6.4
typo3/cms	eq	8.0.0
typo3/cms	eq	8.2.0
typo3/cms	eq	8.2.1
typo3/cms	eq	8.1.1

Rows per page:

1-10 of 421

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-2.yaml

github.com/TYPO3/typo3

typo3.org/security/advisory/typo3-core-sa-2017-005

7.2 High

AI Score

Confidence

Low

JSON