GHSA-g46h-v2cc-6c94

Source

https://github.com/advisories/GHSA-g46h-v2cc-6c94

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-g46h-v2cc-6c94/GHSA-g46h-v2cc-6c94.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-g46h-v2cc-6c94

Published

2024-06-05T16:43:50Z

Modified

2024-12-02T05:34:04.898440Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Information Disclosure in TYPO3 CMS

Details

Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

Database specific

{
    "github_reviewed_at": "2024-06-05T16:43:50Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "nvd_published_at": null,
    "github_reviewed": true
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.6.0

Fixed

7.6.22

Affected versions

7.*

7.6.0

7.6.1

7.6.2

7.6.3

7.6.4

7.6.5

7.6.6

7.6.7

7.6.8

7.6.9

7.6.10

7.6.11

7.6.12

7.6.13

7.6.14

7.6.15

7.6.16

7.6.17

7.6.18

7.6.19

v7.*

v7.6.20

v7.6.21

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.7.5

Affected versions

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.2.0

8.2.1

8.3.0

8.3.1

8.4.0

8.4.1

8.5.0

8.5.1

8.6.0

8.6.1

8.7.0

8.7.1

8.7.2

v8.*

v8.7.3

v8.7.4