GHSA-vpr3-rc99-2wpr: Information Disclosure in TYPO3 Backend

June 5, 2024

The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend usernames.

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-07-19-4.yaml
github.com/advisories/GHSA-vpr3-rc99-2wpr
typo3.org/security/advisory/typo3-core-sa-2016-017
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017

Code Behaviors & Features

Detect and mitigate GHSA-vpr3-rc99-2wpr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →