CVSS 3.1 base vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (base score 4.3, Medium)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None
EPSS percentile: 15.5%
The TYPO3-specific t3:// URI scheme, used for resource references in typolink, could be used to access resources outside the permission scope of the backend user resolving the link. This encompassed files, folders, pages and records (records only where a valid link-handling configuration existed for the record type). Exploiting this vulnerability requires a valid backend user account, which is why the CVSS vector carries PR:L.
Update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS or 13.0.1, which fix the problem described. Earlier releases on each of these branches are affected.
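As a triage aid, the following added Python script (not TYPO3 project code and not part of the advisory) classifies installed TYPO3 core versions against the fixed releases listed above. The branch model (any release on a listed branch below its fix release counts as affected, anything on a branch the advisory does not name is reported as unknown), the handling of pre-release suffixes such as "-dev", and the hostnames in the sample inventory are assumptions made for this example.

```python
import re

# First fixed release on each maintained branch, as listed in the advisory above.
FIXED_RELEASES = {
    (8, 7): (8, 7, 57),
    (9, 5): (9, 5, 46),
    (10, 4): (10, 4, 43),
    (11, 5): (11, 5, 35),
    (12, 4): (12, 4, 11),
    (13, 0): (13, 0, 1),
}

# Accepts "12.4.10", "v12.4.10", "13.0.1-dev", "13.0.1-rc1", "12.4.10+build".
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?(?:\+[0-9A-Za-z.]+)?$"
)


def parse_version(text):
    """Return (major, minor, patch, is_final_release) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised TYPO3 version string: {text!r}")
    major, minor, patch, prerelease = m.groups()
    # Assumption: a "-dev" or "-rc" build of 13.0.1 predates the 13.0.1 release
    # and therefore does not carry the fix, so it ranks below the final release.
    return (int(major), int(minor), int(patch), prerelease is None)


def assess(version_text):
    """Classify one version string as 'affected', 'fixed' or 'unknown'."""
    major, minor, patch, is_final = parse_version(version_text)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        # Branch not named in the advisory (an EOL branch, or a branch newer
        # than the advisory): the page gives no basis to call it either way.
        return "unknown"
    return "fixed" if (major, minor, patch, is_final) >= fixed + (True,) else "affected"


def triage(inventory):
    """Map host -> status for a {host: version} inventory; bad strings become 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed sample inventory for the example; these are not real hosts.
SAMPLE_INVENTORY = {
    "cms-prod-1": "12.4.10",
    "cms-prod-2": "12.4.11",
    "cms-legacy": "9.5.45",
    "cms-staging": "13.0.1-dev",
    "cms-museum": "7.6.32",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12s} {SAMPLE_INVENTORY[host]:12s} {status}")
```

Feed it the output of whatever inventory you already collect (for instance the version string from the TYPO3 backend "About" module or the composer.lock of each site) and treat "unknown" and "unparseable" as items for manual review rather than as clean.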
Thanks to Richie Lee who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue.
docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references
github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6
github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f
github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd
github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c
nvd.nist.gov/vuln/detail/CVE-2024-25120
typo3.org/security/advisory/typo3-core-sa-2024-005