7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-3c5g-73f7-grvm

EPSS Score

CWE

Published

5/17/2024

Updated

5/17/2024

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-3c5g-73f7-grvm

GHSA-3c5g-73f7-grvm: Neos Information Disclosure Security Note

Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place.

Note that this only allows reading of internal workspaces not writing. And for clarification, an internal workspace is a workspace that is non public and doesn't have an owner.

Given that an internal workspace exists in your installation, it is possible to view a page in context of that workspace by opening a link in this format:

https://domain/path/to/page.html@workspace-name

The issue is quite problematic when exploited but at the same time slightly less impactful than it sounds. First of all there is no default internal workspace, so the issue affects only workspaces created by users. That also means the workspace-name, which will also always include a hash is individual to a project and an exploiter must get hold of the workspace-name including the hash. This is non trivial as there is no indication of the existence of it, but obviously brute force and educated guessed can be made.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-3c5g-73f7-grvm

GHSA-3c5g-73f7-grvm:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-3c5g-73f7-grvm

EPSS Score

CWE

Published

5/17/2024

Updated

5/17/2024

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
neos/neos	composer	>= 2.3.0, < 3.0.20	3.0.20
neos/neos	composer	>= 3.1.0, < 3.1.18	3.1.18
neos/neos	composer	>= 3.2.0, < 3.2.14	3.2.14
neos/neos	composer	>= 3.3.0, < 3.3.23	3.3.23
neos/neos	composer	>= 4.0.0, < 4.0.17	4.0.17
neos/neos	composer	>= 4.1.0, < 4.1.16	4.1.16
neos/neos	composer	>= 4.2.0, < 4.2.12	4.2.12
neos/neos	composer	>= 4.3.0, < 4.3.3	4.3.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unauthenticated access to internal workspaces via URL manipulation. The NodeController.showAction is the primary entry point for frontend rendering and would handle workspace context resolution. The ContextFactory.create method is critical for workspace initialization. Together they form the chain that likely lacks proper authorization checks for internal workspaces. Confidence is high for NodeController as it's directly tied to URL handling, and medium for ContextFactory as the exact vulnerability trigger depends on implementation details.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-3c5g-73f7-grvm: Neos Information Disclosure Security Note

GHSA-3c5g-73f7-grvm:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

GHSA-3c5g-73f7-grvm: Neos Information Disclosure Security Note

Technical Details

7.5

7.5

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-3c5g-73f7-grvm: Neos Information Disclosure Security Note

GHSA-3c5g-73f7-grvm:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

GHSA-3c5g-73f7-grvm: Neos Information Disclosure Security Note

Technical Details

7.5

7.5

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI