GHSA-r287-hc8j-w56h: TYPO3 Information Disclosure Vulnerability Exploitable by Editors

CVSS Score (v3.1): 6.5

Basic Information

CVE ID: -
EPSS Score: -
Published: 5/30/2024
Updated: 5/30/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name   Ecosystem   Vulnerable Versions    First Patched Version
typo3/cms      composer    >= 6.2.0, < 6.2.14     6.2.14
typo3/cms      composer    >= 7.0.0, < 7.3.1      7.3.1

Vulnerability Intelligence
Root Cause Analysis

The security patch adds explicit checks for storage UID 0 in the `init()` method, which points to that method as the vulnerable entry point. TYPO3's File Abstraction Layer reserves storage UID 0 as the fallback storage, which maps to the installation's document root rather than to a configured file storage. Before the patch, `init()` resolved a folder object for storage 0 without checking whether the requesting editor was allowed to access it, so an editor could point the file list module at the fallback storage and enumerate file and folder names in the document root. The fix rejects storage 0 at this entry point before any folder object is built, which is the right place for the check: a resolved folder object hands the rest of the module a path it already trusts.
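To make the root cause concrete, here is an added PHP illustration (not TYPO3's own code; the `FolderResolver`, `Storage` and `Folder` classes, the method names and the sample paths are hypothetical) of a folder resolver that, like the pre-patch `init()`, resolves the fallback storage 0 without an authorization check, beside a hardened variant that rejects storage 0 before any folder object is built. It also models the edge case that an identifier with no storage prefix falls back to storage 0, so a plain relative path is as dangerous as an explicit `0:` prefix; that fallback rule is an assumption of this example about how combined identifiers behave, not something the advisory states.

```php
<?php
declare(strict_types=1);

// Added illustration (not TYPO3 code): a minimal model of storage-prefixed
// folder identifiers of the form "<storageUid>:<path>", with the fallback
// storage 0 standing in for the document root. Class and method names are
// hypothetical; only the shape of the missing check mirrors the advisory.
// Requires PHP 8.1+ (readonly promoted properties).

final class Storage
{
    public function __construct(public readonly int $uid, public readonly string $basePath) {}
}

final class Folder
{
    public function __construct(public readonly Storage $storage, public readonly string $path) {}

    public function getPhysicalPath(): string
    {
        return rtrim($this->storage->basePath, '/') . '/' . ltrim($this->path, '/');
    }
}

final class FolderResolver
{
    /** @var array<int, Storage> keyed by storage UID */
    private array $storages = [];

    public function __construct(Storage ...$storages)
    {
        foreach ($storages as $storage) {
            $this->storages[$storage->uid] = $storage;
        }
    }

    /**
     * Splits "uid:path" into its parts. An identifier with no storage prefix
     * is treated as a path relative to the fallback storage 0 (document root)
     * in this model, so "typo3conf/" resolves the same way as "0:/typo3conf/".
     */
    private function parse(string $combinedIdentifier): array
    {
        if (preg_match('/^(\d+):(.*)$/s', $combinedIdentifier, $m) === 1) {
            return [(int) $m[1], $m[2]];
        }
        return [0, $combinedIdentifier];
    }

    /** Pre-patch behaviour: any known storage, including UID 0, is resolved. */
    public function resolveUnchecked(string $combinedIdentifier): Folder
    {
        [$uid, $path] = $this->parse($combinedIdentifier);
        if (!isset($this->storages[$uid])) {
            throw new RuntimeException("Unknown storage $uid");
        }
        return new Folder($this->storages[$uid], $path);
    }

    /** Patched behaviour: reject the fallback storage before building any folder object. */
    public function resolveChecked(string $combinedIdentifier): Folder
    {
        [$uid] = $this->parse($combinedIdentifier);
        if ($uid === 0) {
            throw new RuntimeException('Access to the fallback storage (document root) is not permitted here');
        }
        return $this->resolveUnchecked($combinedIdentifier);
    }
}

// Constructed sample data: storage 0 is the document root, storage 1 a normal fileadmin storage.
$resolver = new FolderResolver(
    new Storage(0, '/var/www/html'),
    new Storage(1, '/var/www/html/fileadmin'),
);

// Three editor-supplied identifiers: a legitimate one, an explicit storage-0 one,
// and an unprefixed path that silently falls back to storage 0.
foreach (['1:/user_upload/', '0:/', 'typo3conf/'] as $requested) {
    $unchecked = $resolver->resolveUnchecked($requested)->getPhysicalPath();
    try {
        $checked = $resolver->resolveChecked($requested)->getPhysicalPath();
    } catch (RuntimeException $e) {
        $checked = 'rejected: ' . $e->getMessage();
    }
    printf("%-16s unchecked=%-36s checked=%s\n", $requested, $unchecked, $checked);
}
```

The point of doing the check on the parsed storage UID rather than on the resulting path is that it cannot be bypassed by alternative spellings of the same location: both `0:/` and the unprefixed `typo3conf/` are rejected before a `Folder` exists, whereas a path-based denylist would have to anticipate every prefix form.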

WAF Protection Rules

WAF Rule

It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents
