{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47012?format=json","vulnerability_id":"VCID-uua1-9rt1-dfbz","summary":"Improper Access Control\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.","aliases":[{"alias":"CVE-2024-25120"},{"alias":"GHSA-wf85-8hx9-gj7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68934?format=json","purl":"pkg:composer/typo3/cms-core@8.7.57","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.57"},{"url":"http://public2.vulnerablecode.io/api/packages/68935?format=json","purl":"pkg:composer/typo3/cms-core@9.5.46","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46"},{"url":"http://public2.vulnerablecode.io/api/packages/68936?format=json","purl":"pkg:composer/typo3/cms-core@10.4.43","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/68937?format=json","purl":"pkg:composer/typo3/cms-core@11.5.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35"},{"url":"http://public2.vulnerablecode.io/api/packages/68938?format=json","purl":"pkg:composer/typo3/cms-core@12.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/68939?format=json","purl":"pkg:composer/typo3/cms-core@13.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms-core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-2m67-xdxz-ryc2"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-b92x-56ng-3ygy"},{"vulnerability":"VCID-bzqv-s7g3-wff9"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-hfcx-1kuh-p3ez"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-y3zj-acc7-jkau"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68928?format=json","purl":"pkg:composer/typo3/cms-core@8.7.56","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-y3zj-acc7-jkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.56"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms-core@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-2m67-xdxz-ryc2"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-a1g9-pyz5-9fca"},{"vulnerability":"VCID-bzqv-s7g3-wff9"},{"vulnerability":"VCID-cf9m-qdyj-eyav"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-hfcx-1kuh-p3ez"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-y3zj-acc7-jkau"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"},{"vulnerability":"VCID-zbm9-cx69-wqg3"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68929?format=json","purl":"pkg:composer/typo3/cms-core@9.5.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-y3zj-acc7-jkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.45"},{"url":"http://public2.vulnerablecode.io/api/packages/58460?format=json","purl":"pkg:composer/typo3/cms-core@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-6a22-c7x5-sqe2"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-9tpm-8udy-c3cd"},{"vulnerability":"VCID-a1g9-pyz5-9fca"},{"vulnerability":"VCID-bzqv-s7g3-wff9"},{"vulnerability":"VCID-gxsd-4nd9-gqgn"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-y3zj-acc7-jkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68930?format=json","purl":"pkg:composer/typo3/cms-core@10.4.42","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-y3zj-acc7-jkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.42"},{"url":"http://public2.vulnerablecode.io/api/packages/58462?format=json","purl":"pkg:composer/typo3/cms-core@11.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-6a22-c7x5-sqe2"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-9tpm-8udy-c3cd"},{"vulnerability":"VCID-a1g9-pyz5-9fca"},{"vulnerability":"VCID-bzqv-s7g3-wff9"},{"vulnerability":"VCID-fsx8-7qjz-2ubw"},{"vulnerability":"VCID-gxsd-4nd9-gqgn"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-y3zj-acc7-jkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68931?format=json","purl":"pkg:composer/typo3/cms-core@11.5.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-y3zj-acc7-jkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.34"},{"url":"http://public2.vulnerablecode.io/api/packages/63852?format=json","purl":"pkg:composer/typo3/cms-core@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-6a22-c7x5-sqe2"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-9tpm-8udy-c3cd"},{"vulnerability":"VCID-bzqv-s7g3-wff9"},{"vulnerability":"VCID-gxsd-4nd9-gqgn"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-y3zj-acc7-jkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68932?format=json","purl":"pkg:composer/typo3/cms-core@12.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-y3zj-acc7-jkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.10"},{"url":"http://public2.vulnerablecode.io/api/packages/68933?format=json","purl":"pkg:composer/typo3/cms-core@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-9tpm-8udy-c3cd"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-y3zj-acc7-jkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.0"}],"references":[{"reference_url":"https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references","reference_id":"","reference_type":"","scores":[],"url":"https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references"},{"reference_url":"https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6"},{"reference_url":"https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f"},{"reference_url":"https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2024-005","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2024-005"},{"reference_url":"https://github.com/advisories/GHSA-wf85-8hx9-gj7c","reference_id":"GHSA-wf85-8hx9-gj7c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wf85-8hx9-gj7c"},{"reference_url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c","reference_id":"GHSA-wf85-8hx9-gj7c","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."},{"cwe_id":284,"name":"Improper Access Control","description":"The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uua1-9rt1-dfbz"}