4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-g46h-v2cc-6c94

GHSA-g46h-v2cc-6c94: Information Disclosure in TYPO3 CMS

Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-g46h-v2cc-6c94

GHSA-g46h-v2cc-6c94:

4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms	composer	>= 7.6.0, < 7.6.22	7.6.22
typo3/cms	composer	>= 8.0.0, < 8.7.5	8.7.5

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper permission checks on file storage access. The StorageRepository class is central to TYPO3's file storage management. The getStorageObjects() method likely returned all available storages without applying proper user permission filters, enabling unauthorized access to protected storage metadata. This aligns with the vulnerability description where editors could discover protected storages. The high confidence comes from the pattern of storage handling in TYPO3 FAL and the nature of the vulnerability requiring a permission check fix in storage retrieval mechanisms.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

4.3

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-g46h-v2cc-6c94: Information Disclosure in TYPO3 CMS

GHSA-g46h-v2cc-6c94:

4.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

GHSA-g46h-v2cc-6c94: Information Disclosure in TYPO3 CMS

Basic Information

Basic Information

Technical Details

4.3

4.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

4.3

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-g46h-v2cc-6c94: Information Disclosure in TYPO3 CMS

GHSA-g46h-v2cc-6c94:

4.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

GHSA-g46h-v2cc-6c94: Information Disclosure in TYPO3 CMS

Basic Information

Basic Information

Technical Details

4.3

4.3

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI