GHSA-g46h-v2cc-6c94: Information Disclosure in TYPO3 CMS

June 5, 2024

Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-2.yaml
github.com/TYPO3/typo3
github.com/advisories/GHSA-g46h-v2cc-6c94
typo3.org/security/advisory/typo3-core-sa-2017-005

Code Behaviors & Features

Detect and mitigate GHSA-g46h-v2cc-6c94 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →