Veracode Vulnerability DatabaseVERACODE:45482Improper Access Control
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.8%
TYPO3 is vulnerable to Improper Access Control. The vulnerability is due to a improper access control. An attacker can access resources outside there permission scope by utilizing the TYPO3-specific t3:// URI scheme. This allows users to access resources such as files, folders, pages, and records. Exploiting this vulnerability requires a valid backend user account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-core | eq | v13.0.0 | |
| typo3/cms-core | le | v11.5.34 | |
| typo3/cms-core | le | v12.4.10 | |
| typo3/cms-core | eq | v13.0.0 | |
| typo3/cms-core | le | v11.5.34 | |
| typo3/cms-core | le | v12.4.10 |
References
docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references
github.com/advisories/GHSA-wf85-8hx9-gj7c
github.com/TYPO3-CMS/core/commit/0f1ae3add1b260a9233cae7b9f23efcffc8c99d9
github.com/TYPO3-CMS/core/commit/a3190e292703997f78a16d2be1c0314c5f24b9bb
github.com/TYPO3-CMS/core/commit/b50eebe478d80aae617572cd5960d5acccc0a61e
github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c
typo3.org/security/advisory/typo3-core-sa-2024-005
typo3.org/security/advisory/typo3-core-sa-2024-006
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.8%