GHSA-r287-hc8j-w56h typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=6.2.0 <6.2.14 || >=7.0.0 <7.3.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

TYPO3 Information Disclosure Vulnerability Exploitable by Editors

It has been discovered that editors with access to the file list module could list all file names and folder names in the root directory of a TYPO3 installation. Modifying files, listing further nested directories, or retrieving file contents was not possible. A valid backend user account is needed to exploit this vulnerability.

Metadata

Created: 2024-05-30T21:08:18Z
Modified: 2024-05-30T21:08:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-r287-hc8j-w56h/GHSA-r287-hc8j-w56h.json
CWE IDs: ["CWE-200"]
Alternative ID: N/A
Finding: F038
Auto approve: 1