GHSA-g46h-v2cc-6c94 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=7.6.0 <7.6.22 || >=8.0.0 <8.7.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Information Disclosure in TYPO3 CMS Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

Metadata

Created: 2024-06-05T16:43:50Z
Modified: 2024-06-05T16:43:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-g46h-v2cc-6c94/GHSA-g46h-v2cc-6c94.json
CWE IDs: []
Alternative ID: N/A
Finding: F310
Auto approve: 1