====================================================================
CERT-Renater Note d'Information No. 2024/VULN411
_____________________________________________________________________
DATE : 08/10/2024
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running Bookmark Toolbar for TYPO3 CMS, Page Tree for TYPO3 CMS.
=====================================================================

https://typo3.org/security/advisory/typo3-core-sa-2024-011
https://typo3.org/security/advisory/typo3-core-sa-2024-012
_____________________________________________________________________

Tue. 8th October, 2024
TYPO3-CORE-SA-2024-011: Denial of Service in TYPO3 Bookmark Toolbar
Categories: Development, TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to denial of service.

Component Type: TYPO3 CMS
Subcomponent: Bookmark Toolbar (ext:backend)
Release Date: October 8, 2024
Vulnerability Type: Denial of Service
Affected Versions: 10.0.0-10.4.45, 11.0.0-11.5.39, 12.0.0-12.4.20, 13.0.0-13.3.0
Severity: Low
Suggested CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
References: CVE-2024-34537, CWE-248, CWE-1286

Problem Description
Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account.

Solution
Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described.

Credits
Thanks to Hendrik Eichner who reported this issue and to TYPO3 core & security team members Oliver Hader and Benjamin Franzke who fixed the issue.

General Advice
Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note
All security-related code changes are tagged so you can easily look them up in our review system.
_____________________________________________________________________

Tue. 8th October, 2024
TYPO3-CORE-SA-2024-012: Information Disclosure in TYPO3 Page Tree
Categories: Development, TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

Component Type: TYPO3 CMS
Subcomponent: Page Tree (ext:backend)
Release Date: October 8, 2024
Vulnerability Type: Information Disclosure
Affected Versions: 10.0.0-10.4.45, 11.0.0-11.5.39, 12.0.0-12.4.20, 13.0.0-13.3.0
Severity: Low
Suggested CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C
References: CVE-2024-47780, CWE-863

Problem Description
Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages.

Solution
Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described.

Credits
Thanks to Peter Schuler who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

General Advice
Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note
All security-related code changes are tagged so you can easily look them up in our review system.

=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel      | fax : 01-53-94-20-41          +
+ 75013 Paris           | email:cert@support.renater.fr +
=========================================================