fkie_cve-2024-55923
Vulnerability from fkie_nvd
Published
2025-01-14 20:15
Modified
2025-01-14 20:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Indexed Search Module” allows attackers to delete items of the component. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this issue.
References
security-advisories@github.comhttps://github.com/TYPO3/typo3/security/advisories/GHSA-7r5q-4qgx-v545
security-advisories@github.comhttps://typo3.org/security/advisory/typo3-core-sa-2025-008
Impacted products
Vendor Product Version


To clipboard 

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Indexed Search Module” allows attackers to delete items of the component. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this issue.",
      },
      {
         lang: "es",
         value: "TYPO3 es un framework gestor de contenidos gratuito y de código abierto. Se ha identificado una vulnerabilidad en la funcionalidad de la interfaz de usuario del backend que implica enlaces profundos. En concreto, esta funcionalidad es susceptible a Cross-Site Request Forgery (CSRF). Además, las acciones de cambio de estado en los componentes posteriores aceptaron incorrectamente los envíos a través de HTTP GET y no aplicaron el método HTTP adecuado. Para explotar con éxito esta vulnerabilidad, la víctima debe tener una sesión activa en la interfaz de usuario del backend y ser engañada para que interactúe con una URL maliciosa dirigida al backend, lo que puede ocurrir en las siguientes condiciones: El usuario abre un enlace malicioso, como uno enviado por correo electrónico. El usuario visita un sitio web comprometido o manipulado mientras las siguientes configuraciones están mal configuradas: 1. La función `security.backend.enforceReferrer` está deshabilitada, 2. La configuración `BE/cookieSameSite` está establecida en lax o ninguna. La vulnerabilidad en el componente posterior afectado \"Módulo de búsqueda indexada\" permite a los atacantes eliminar elementos del componente. Se recomienda a los usuarios que actualicen a las versiones 11.5.42 ELTS, 12.4.25 LTS y 13.4.3 LTS de TYPO3, que solucionan el problema descrito. No se conocen Workarounds para este problema.",
      },
   ],
   id: "CVE-2024-55923",
   lastModified: "2025-01-14T20:15:30.197",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "security-advisories@github.com",
            type: "Secondary",
         },
      ],
   },
   published: "2025-01-14T20:15:30.197",
   references: [
      {
         source: "security-advisories@github.com",
         url: "https://github.com/TYPO3/typo3/security/advisories/GHSA-7r5q-4qgx-v545",
      },
      {
         source: "security-advisories@github.com",
         url: "https://typo3.org/security/advisory/typo3-core-sa-2025-008",
      },
   ],
   sourceIdentifier: "security-advisories@github.com",
   vulnStatus: "Awaiting Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
            {
               lang: "en",
               value: "CWE-749",
            },
         ],
         source: "security-advisories@github.com",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.