logo

Database

Excessive privileges In typo3/cms-core

Description

TYPO3 Broken Access Control in Localization Handling It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-9rx9-7fmh-gj3g

References

1. https://github.com/TYPO3-CMS/core/commit/64b1b5dc2f7cacb2ba39b74081f4179d6393b2bf2. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-01-22-3.yaml3. https://typo3.org/security/advisory/typo3-core-sa-2019-003

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.