CVE-2024-47780

LOW

TYPO3 - Info Disclosure

Title source: llm

Description

TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability.

References (2)

[Vendor Advisory] https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q

[Vendor Advisory] https://typo3.org/security/advisory/typo3-core-sa-2024-012

Scores

CVSS v3 3.1

EPSS 0.0026

EPSS Percentile 49.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-863

Status published

Affected Products (2)

typo3/typo3 < 10.4.46

typo3/cms-backend < 13.3.1Packagist

Timeline

Published Oct 08, 2024

Tracked Since Feb 18, 2026