GoogleOSV:GHSA-WF85-8HX9-GJ7CTYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%
Problem
The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users’ permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account.
Solution
Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described.
Credits
Thanks to Richie Lee who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue.
References
References
docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references
github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6
github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f
github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd
github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c
nvd.nist.gov/vuln/detail/CVE-2024-25120
typo3.org/security/advisory/typo3-core-sa-2024-005
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%