
GHSA-4r76-xr68-w7m7: TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts

CVSS Score: 8.8 (CVSS 3.1)

Basic Information

CVE ID: -
EPSS Score: -
Published: 5/30/2024
Updated: 5/30/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
typo3/cms | composer | >= 6.2.0, < 6.2.14 | 6.2.14
typo3/cms | composer | >= 7.0.0, < 7.3.1 | 7.3.1

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from missing access checks in inline record handling. The patch added hooks in the checkAccess methods (registered via SC_OPTIONS) that call FileMetadataPermissionsAspect to validate permissions. Vulnerable versions lacked these hooks, so an editor could change, create or delete metadata of files outside their file mounts without any file mount validation. The affected functions are exactly those modified in the security commit diff, which confirms their role in the access control flaw.


WAF Protection Rules

WAF Rule

It has been discovered that editors with access to the file metadata table could change, create or delete metadata of files which are not within their file mounts.
