logo

Database

Unauthorized access to screen In typo3/cms

Description

Information Disclosure in TYPO3 CMS Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-g46h-v2cc-6c94

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-2.yaml2. https://typo3.org/security/advisory/typo3-core-sa-2017-005

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.