CVE-2024-47780

8 Oct 2024

Título es

CVE-2024-47780

Mar, 08/10/2024 – 18:15

Tipo

CWE-863

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47780

Descripción en

TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability.

08/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

3.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

LOW

Referencias

https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q

https://typo3.org/security/advisory/typo3-core-sa-2024-012

Enviar en el boletín

Off

CVE-2024-47780

CVE-2024-47780

Jose Alexis Correa Valencia