7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Entities of the File Abstraction Layer (FAL) could be persisted directly via DataHandler
. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage (âzero-storageâ) is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account.
Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described.
When persisting entities of the File Abstraction Layer directly via DataHandler, sys_file
entities are now denied by default, and sys_file_reference
& sys_file_metadata
entities are not permitted to reference files in the fallback storage anymore.
When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using $dataHandler->isImporting = true;
.
Thanks to TYPO3 core & security team member Oliver Hader who reported and fixed the issue.
github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/38f0bf9a61e10365be26eb75bc23a81184dbed07
github.com/TYPO3/typo3/commit/71e652bf84b16fd3592205f61f36750ab03db74c
github.com/TYPO3/typo3/commit/b47b6ddf5a5f3f852c6e43f837360780c12e3c47
github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66
nvd.nist.gov/vuln/detail/CVE-2024-25121
typo3.org/security/advisory/typo3-core-sa-2024-006
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%