Fallback Storage Vulnerability in TYPO3 Allows File Name and Content Retrieval
CVE-2024-25121

7.1HIGH

Key Information:

Vendor: Typo3
Status: Typo3
Vendor: CVE Published:; 13 February 2024

What is CVE-2024-25121?

TYPO3, a popular open-source PHP-based web content management system, has a vulnerability involving the File Abstraction Layer (FAL). In affected versions, utilizing the DataHandler, attackers can exploit this issue to gain unauthorized access to files in the fallback storage. This storage, referred to as 'zero-storage', serves as a compatibility layer for files that are outside correctly configured file storages and within the public web root directory. Exploitation requires an existing valid backend user account, making it critical for users to update to the latest secure versions. Updates to TYPO3 ensure that access to 'sys_file' entities is restricted by default and that 'sys_file_reference' and 'sys_file_metadata' cannot reference fallback storage files without explicit permission.

Affected Version(s)

typo3 >= 13.0.0, < 13.0.1 < 13.0.0, 13.0.1

typo3 >= 12.0.0, < 12.4.11 < 12.0.0, 12.4.11

typo3 >= 11.0.0, < 11.5.35 < 11.0.0, 11.5.35

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-r...

x_refsource_CONFIRM

https://typo3.org/security/advisory/typo3-core-sa-2024-006

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Feb 5, 2024

Typo3

What is CVE-2024-25121?

Affected Version(s)

References

CVSS V3.1

Timeline