Information Disclosure Affecting typo3/cms-core package, versions >=8.0.0, <8.7.27>=9.0.0, <9.5.8


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PHP-TYPO3CMSCORE-1535114
  • published30 Jul 2021
  • disclosed30 Jul 2021
  • creditFlorian Weiss

Introduced: 30 Jul 2021

CVE NOT AVAILABLE CWE-200  (opens in a new tab)

How to fix?

Upgrade typo3/cms-core to version 8.7.27, 9.5.8 or higher.

Overview

typo3/cms-core is a free open source enterprise content management system.

Affected versions of this package are vulnerable to Information Disclosure. The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this vulnerability.

CVSS Scores

version 3.1