GHSA-772m-43f3-hmf8: TYPO3 Broken Access Control in Localization Handling

June 7, 2024

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability.

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-3.yaml
github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/5004201ee77a69cb825637bc95cdeedb1186f4d4
github.com/advisories/GHSA-772m-43f3-hmf8
typo3.org/security/advisory/typo3-core-sa-2019-003

Code Behaviors & Features

Detect and mitigate GHSA-772m-43f3-hmf8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →