Cross-Site Request Forgery Vulnerability in TYPO3 Content Management Framework
CVE-2024-55945
Currently unrated
What is CVE-2024-55945?
A vulnerability has been found in TYPO3's backend user interface involving deep links, making it susceptible to Cross-Site Request Forgery (CSRF). This security flaw arises when state-changing actions in downstream components fail to enforce the appropriate HTTP methods, allowing unauthorized data manipulation. Exploitation requires the target user to be logged into the backend interface and to click on a malicious link, potentially received via email or from a compromised website. The vulnerability can be exacerbated by misconfigurations in security settings that disable crucial protections. Users are strongly urged to upgrade to TYPO3 version 11.5.42 ELTS to mitigate risk.
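The control the description says was missing, enforcing the HTTP method on state-changing actions, shown as an added PHP example (not TYPO3's code or its patch). The action names, the `ACTIONS` table and `dispatch()` are hypothetical, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical backend actions (constructed names, not TYPO3 routes).
// 'methods' lists the HTTP methods each action accepts.
const ACTIONS = [
    'record_list'   => ['methods' => ['GET'],  'changesState' => false],
    'record_delete' => ['methods' => ['POST'], 'changesState' => true],
];

/**
 * Dispatch a request that may have arrived through a deep link.
 * Returns [statusCode, message]; only the 200 path runs the action.
 */
function dispatch(string $method, string $action, array &$store): array
{
    $method = strtoupper($method);
    if (!isset(ACTIONS[$action])) {
        return [404, 'unknown action'];
    }
    $rule = ACTIONS[$action];
    // Fail closed: a state-changing action must never declare a safe method.
    if ($rule['changesState'] && array_intersect($rule['methods'], ['GET', 'HEAD'])) {
        return [500, 'misconfigured action'];
    }
    if (!in_array($method, $rule['methods'], true)) {
        // Following a link is a GET navigation, so a deep link to a
        // state-changing action is refused before any handler runs.
        return [405, 'method not allowed; Allow: ' . implode(', ', $rule['methods'])];
    }
    if ($action === 'record_delete') {
        $store = []; // stand-in for the real state change
    }
    return [200, 'ok'];
}

// Constructed sample requests against an in-memory store.
$store = ['row-1', 'row-2'];
print_r(dispatch('GET', 'record_delete', $store));  // what a clicked link sends
print_r($store);
print_r(dispatch('POST', 'record_delete', $store)); // what the backend form sends
print_r($store);
```

Method enforcement only closes the link-click path; it works alongside request tokens and SameSite cookie settings, not in place of them.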