Fluid Attacks Database

Description

Typo3 Information Disclosure in Backend User Interface The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	typo3/cms	>=8.0.0 <8.7.27 \|\| >=9.0.0 <9.5.8	8.7.27, 9.5.8

Aliases

1. GCVE-GHSA-q9c4-9v5m-597p

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-1.yaml2. https://typo3.org/security/advisory/typo3-core-sa-2019-014

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.