CVE-2024-34358
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the ShowImageController (_eID tx_cms_showpic_) lacks a cryptographic HMAC-signature on the frame HTTP query parameter (e.g. /index.php?eID=tx_cms_showpic?file=3&...&frame=12345). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TYPO3 | typo3 | >= 9.0.0, < 9.5.48 | affected |
| TYPO3 | typo3 | >= 10.0.0, < 10.4.45 | affected |
| TYPO3 | typo3 | >= 11.0.0, < 11.5.37 | affected |
| TYPO3 | typo3 | >= 12.0.0, < 12.4.15 | affected |
| TYPO3 | typo3 | >= 13.0.0, < 13.1.1 | affected |
Weaknesses
- CWE-347: CWE-347: Improper Verification of Cryptographic Signature
- CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957
- https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14
- https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5
- https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142
- https://typo3.org/security/advisory/typo3-core-sa-2024-010
References
- https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957
- https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14
- https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5
- https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142
- https://typo3.org/security/advisory/typo3-core-sa-2024-010
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.