Veracode Vulnerability DatabaseVERACODE:45483Improper Access Control
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
TYPO3 is vulnerable to Improper Access Control. The vulnerability is caused because attackers can reference files in the fallback storage directly, exposing their file names and contents. This could lead to unauthorized disclosure of sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-core | eq | v13.0.0 | |
| typo3/cms-core | le | v11.5.34 | |
| typo3/cms-core | le | v12.4.10 | |
| typo3/cms-core | eq | v13.0.0 | |
| typo3/cms-core | le | v11.5.34 | |
| typo3/cms-core | le | v12.4.10 |
References
github.com/TYPO3-CMS/core/commit/57efbe366685c8af1877ce173243eb88f3ee46ce
github.com/TYPO3-CMS/core/commit/915f6e56582d6717fa399ba9017008b7908a37af
github.com/TYPO3-CMS/core/commit/d5e631e209dd3c9ca2bc9f68b6e25a5478d6c50b
github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66
typo3.org/security/advisory/typo3-core-sa-2024-006
Related
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%