-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms-workspaces | composer | >= 9.0.0, < 9.5.55 | 12.4.37 |
| typo3/cms-workspaces | composer | >= 10.0.0, < 10.4.54 | 12.4.37 |
| typo3/cms-workspaces | composer | >= 11.0.0, < 11.5.48 | 12.4.37 |
| typo3/cms-workspaces | composer | >= 12.0.0, < 12.4.37 | 12.4.37 |
| typo3/cms-workspaces | composer | >= 13.0.0, < 13.4.18 | 13.4.18 |
| typo3/cms-recycler | composer | >= 9.0.0, < 9.5.55 | 12.4.37 |
| typo3/cms-recycler | composer | >= 10.0.0, < 10.4.54 | 12.4.37 |
| typo3/cms-recycler | composer | >= 11.0.0, < 11.5.48 | 12.4.37 |
| typo3/cms-recycler | composer | >= 12.0.0, < 12.4.37 | 12.4.37 |
| typo3/cms-recycler | composer | >= 13.0.0, < 13.4.18 | 13.4.18 |
| typo3/cms-dashboard | composer | >= 10.0.0, < 10.4.54 | 12.4.37 |
| typo3/cms-dashboard | composer | >= 11.0.0, < 11.5.48 | 12.4.37 |
| typo3/cms-dashboard | composer | >= 12.0.0, < 12.4.37 | 12.4.37 |
| typo3/cms-dashboard | composer | >= 13.0.0, < 13.4.18 | 13.4.18 |
| typo3/cms-beuser | composer | >= 13.0.0, < 13.4.18 | 13.4.18 |
| typo3/cms-beuser | composer | >= 12.0.0, < 12.4.37 | 12.4.37 |
| typo3/cms-beuser | composer | >= 11.0.0, < 11.5.48 | 12.4.37 |
| typo3/cms-beuser | composer | >= 10.0.0, < 10.4.54 | 12.4.37 |
| typo3/cms-beuser | composer | >= 9.0.0, < 9.5.55 | 12.4.37 |
| typo3/cms-backend | composer | >= 9.0.0, < 9.5.55 | 12.4.37 |
| typo3/cms-backend | composer | >= 10.0.0, < 10.4.54 | 12.4.37 |
| typo3/cms-backend | composer | >= 11.0.0, < 11.5.48 | 12.4.37 |
| typo3/cms-backend | composer | >= 12.0.0, < 12.4.37 | 12.4.37 |
| typo3/cms-backend | composer | >= 13.0.0, < 13.4.18 | 13.4.18 |
Miggo AIRoot Cause AnalysisThe vulnerability is a Broken Access Control issue in TYPO3's backend. Authenticated backend users could call AJAX routes directly, even if they did not have the necessary permissions for the backend module associated with that route. The root cause was the TYPO3\CMS\Backend\Middleware\BackendModuleValidator::process middleware, which failed to perform authorization checks for these AJAX routes.
The security patches address this by introducing a new option, inheritAccessFromModule, for AJAX route configurations. This option links an AJAX route to a specific backend module. The BackendModuleValidator was updated to check this option and deny access if the user does not have permissions for the specified module, returning a 403 Forbidden status.
The analysis of the commits shows this pattern being applied across multiple components (typo3/cms-backend, typo3/cms-beuser, typo3/cms-dashboard, typo3/cms-recycler, typo3/cms-workspaces). The target property of the modified routes points directly to the controller methods that were vulnerable. These methods, which handle actions like renaming resources, managing dashboards, and handling localizations, would appear in a runtime profile or stack trace during exploitation. The identified functions are the direct entry points for the unauthorized actions.
A Semantic Attack on Google Gemini - Read the Latest Research