PT-2024-32812 · Typo3 · Typo3

Peter Schuler · Published 2024-10-08 · Updated 2025-09-03 · CVE-2024-47780

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 10.4.46 ELTS
TYPO3 versions prior to 11.5.40 LTS
TYPO3 versions prior to 12.4.21 LTS
TYPO3 versions prior to 13.3.1

Description

Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages.

Recommendations

Update to version 10.4.46 ELTS to resolve the issue.
Update to version 11.5.40 LTS to resolve the issue.
Update to version 12.4.21 LTS to resolve the issue.
Update to version 13.3.1 to resolve the issue.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-47780
GHSA-RF5M-H8Q9-9W6Q

Affected Products

Typo3