Описание
Privilege Escalation in TYPO3 CMS
The workspace/ version preview link created by a privileged (backend) user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability.
Пакеты
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 6.2.0, < 6.2.20
6.2.20
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 7.6.0, < 7.6.5
7.6.5
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.0.1
8.0.1
6.5 Medium
CVSS3
Дефекты
CWE-269
6.5 Medium
CVSS3
Дефекты
CWE-269