typo3/cms-core Security Advisories for v13.0.0 (6)
-
[HIGH] TYPO3 Install Tool vulnerable to Code Execution
PKSA-prgj-sgzn-q6cs CVE-2024-22188 GHSA-5w2h-59j3-8x5w
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[MEDIUM] Path Traversal in TYPO3 File Abstraction Layer Storages
PKSA-zz7z-6zsy-d2hc CVE-2023-30451 GHSA-3gjc-mp82-fj4q
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[HIGH] TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
PKSA-99mg-htb6-c272 CVE-2024-25121 GHSA-rj3x-wvc6-5j66
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[MEDIUM] TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
PKSA-h5xk-8nxx-znp4 CVE-2024-25120 GHSA-wf85-8hx9-gj7c
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[MEDIUM] TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
PKSA-d551-hdqh-5mmf CVE-2024-25119 GHSA-h47m-3f78-qp9g
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[MEDIUM] TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
PKSA-jbhx-knzt-5y6m CVE-2024-25118 GHSA-38r2-5695-334w
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub