TYPO3 security update 13.0.1, 12.4.11 LTS and 11.5.35 LTS
The TYPO3 Security Team has released new TYPO3 versions today. They close six security vulnerabilities.
TYPO3-CORE-SA-2024-006: Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, 13.0.0
Details: Backend users could use the DataHandler to persist files with the fallback file storage (UID 0) and thereby break out of the file directory assigned to them.
TYPO3-CORE-SA-2024-005: Improper Access Control of Resources Referenced by t3:// URI Scheme
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, 13.0.0
Details: Using the URI scheme "t3://", backend users could access files outside their assigned file directory.
TYPO3-CORE-SA-2024-004: Information Disclosure of Encryption Key in TYPO3 Install Tool
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, 13.0.0
Details: Anyone logged into the install tool could read the encryption key "$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']" from the HTML source code. With this key it would have been possible to generate valid cHash values for URL parameters.
TYPO3-CORE-SA-2024-003: Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, 13.0.0
Details: The editing form of a backend user contained the user's hashed password, which could have been cracked offline by brute force.
TYPO3-CORE-SA-2024-002: Code Execution in TYPO3 Install Tool
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, 13.0.0
Details: All input fields in the install tool for specifying the path of system commands could be misused for code execution.
TYPO3-CORE-SA-2024-001: Path Traversal in TYPO3 File Abstraction Layer Storages
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, 13.0.0
Details: File storages (table: sys_file_storage) could previously also be configured for directories outside the TYPO3 project directory and the web directory. This option was often used to access a shared parent image folder that was used by two or more TYPO3 instances. After installing this security update, such a configuration is only possible after adjusting "[BE][lockRootPath]". Set this value to the absolute path of your shared image directory. The path must end with a slash.
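The following configuration fragment is an added example, not part of the advisory and not TYPO3 core code. It shows how the "[BE][lockRootPath]" setting mentioned above is written in the TYPO3 configuration file, with the incomplete form next to the correct one. The directory "/srv/shared-images/" is a constructed placeholder for the shared image folder, and the sanity check at the end is a hypothetical helper, not a TYPO3 API.

```php
<?php
// Added example, not from the advisory or from TYPO3 core.
// TYPO3 v12/v13: config/system/settings.php (or additional.php)
// TYPO3 v11 and earlier: typo3conf/LocalConfiguration.php (or AdditionalConfiguration.php)
//
// /srv/shared-images/ is a constructed placeholder for the image folder that is
// shared by several TYPO3 instances and lies outside the project directory.

// Incomplete: the trailing slash required by the advisory is missing.
// $GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'] = '/srv/shared-images';

// Correct: absolute path, ending with a slash.
$GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'] = '/srv/shared-images/';

// Hypothetical sanity check (not a TYPO3 API): fail closed at boot if the value
// is not an absolute, existing directory ending with a slash, so a typo does not
// silently leave the shared storage unreachable or point at the wrong directory.
$lockRootPath = $GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'];
if (!str_starts_with($lockRootPath, '/')
    || !str_ends_with($lockRootPath, '/')
    || !is_dir($lockRootPath)
) {
    throw new \RuntimeException(
        'BE/lockRootPath must be an absolute, existing directory ending with a slash, got: ' . $lockRootPath
    );
}
```

Only file storages whose base path lies below this directory are then accepted; storages elsewhere outside the project and web directory remain blocked by the update, so the value should be as narrow as the shared folder itself rather than a broad parent such as "/srv/".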