Description
Denial of Service in TYPO3 Bookmark Toolbar
Problem
Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account.
Solution
Update to TYPO3 version 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, or 13.3.1, which fix the problem described.
Credits
Thanks to Hendrik Eichner who reported this issue and to TYPO3 core & security team members Oliver Hader and Benjamin Franzke who fixed the issue.
Packages
typo3/cms-backend: affected = 13.0.0; fixed in 13.3.1
typo3/cms-backend: affected >= 12.0.0, < 12.4.20; fixed in 12.4.21
typo3/cms-backend: affected >= 11.0.0, <= 11.5.39; fixed in 11.5.40
typo3/cms-backend: affected >= 10.0.0, <= 10.4.45; fixed in 10.4.46
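The following Python check is an added example, not part of the advisory or of TYPO3's own code. It reads a composer.lock and reports whether the installed typo3/cms-backend is older than the fixed release of its branch; it assumes every earlier release in branches 10 to 13 is affected, and the sample lock content is constructed.

```python
import json
import re

# Fixed release per major branch, from the advisory's Solution section.
# Assumption: every earlier release in the same branch is affected.
FIXED = {10: (10, 4, 46), 11: (11, 5, 40), 12: (12, 4, 21), 13: (13, 3, 1)}
PACKAGE = "typo3/cms-backend"

# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = ('{"packages": [{"name": "typo3/cms-backend", '
               '"version": "v12.4.20"}], "packages-dev": null}')


def parse_version(raw):
    """Return (major, minor, patch) for a plain release string, or None.

    Branch aliases ('dev-main') and pre-releases ('13.3.1-RC1') return None
    so they are flagged for manual review instead of being guessed at.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def assess(lock_text):
    """Return (status, installed_version, fixed_version) for a composer.lock.

    status: 'absent', 'unknown', 'out-of-scope', 'affected' or 'fixed'.
    """
    lock = json.loads(lock_text)
    # Either key may be missing or null in a lock file.
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    entry = next((p for p in packages if p.get("name") == PACKAGE), None)
    if entry is None:
        return ("absent", None, None)
    raw = entry.get("version", "")
    version = parse_version(raw)
    if version is None:
        return ("unknown", raw, None)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Major branch not listed in the advisory's package ranges.
        return ("out-of-scope", raw, None)
    fixed_str = ".".join(str(n) for n in fixed)
    return ("affected" if version < fixed else "fixed", raw, fixed_str)


if __name__ == "__main__":
    print(assess(SAMPLE_LOCK))
```

An 'unknown' or 'out-of-scope' result means the version has to be checked by hand against the advisory.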
Related vulnerabilities
TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1.