GHSA-wvvp-jwf5-qcpc – typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=9.0.0 <9.5.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

TYPO3 Information Disclosure in Page Tree It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability.

Metadata

Created: 2024-05-30T16:24:19Z
Modified: 2024-05-30T16:24:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wvvp-jwf5-qcpc/GHSA-wvvp-jwf5-qcpc.json
CWE IDs: ["CWE-200"]
Alternative ID: N/A
Finding: F308
Auto approve: 1