{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47780", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-30T21:28:53.236Z", "datePublished": "2024-10-08T17:57:21.523Z", "dateUpdated": "2024-10-08T18:17:24.168Z"}, "containers": {"cna": {"title": "Information Disclosure in TYPO3 Page Tree", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q"}, {"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-012", "tags": ["x_refsource_MISC"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-012"}], "affected": [{"vendor": "TYPO3", "product": "typo3", "versions": [{"version": ">= 10.0.0, < 10.4.46", "status": "affected"}, {"version": ">= 11.0.0, < 11.5.40", "status": "affected"}, {"version": ">= 12.0.0, < 12.4.21", "status": "affected"}, {"version": ">= 13.0.0, < 13.3.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-08T17:57:21.523Z"}, "descriptions": [{"lang": "en", "value": "TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to \"everybody.\" However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-rf5m-h8q9-9w6q", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T18:17:16.402927Z", "id": "CVE-2024-47780", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T18:17:24.168Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47780", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-08T18:17:16.402927Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T18:17:20.610Z"}}], "cna": {"title": "Information Disclosure in TYPO3 Page Tree", "source": {"advisory": "GHSA-rf5m-h8q9-9w6q", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "TYPO3", "product": "typo3", "versions": [{"status": "affected", "version": ">= 10.0.0, < 10.4.46"}, {"status": "affected", "version": ">= 11.0.0, < 11.5.40"}, {"status": "affected", "version": ">= 12.0.0, < 12.4.21"}, {"status": "affected", "version": ">= 13.0.0, < 13.3.1"}]}], "references": [{"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q", "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-012", "name": "https://typo3.org/security/advisory/typo3-core-sa-2024-012", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to \"everybody.\" However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-08T17:57:21.523Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47780", "state": "PUBLISHED", "dateUpdated": "2024-10-08T18:17:24.168Z", "dateReserved": "2024-09-30T21:28:53.236Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-10-08T17:57:21.523Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD52EDD0-01D2-44B1-81FE-248BF4319A09", "versionEndExcluding": "10.4.46", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "C628257E-344C-4688-8615-3D84F77FFA13", "versionEndExcluding": "11.5.40", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3CA3D6C-1394-47B8-8774-375E9A522B70", "versionEndExcluding": "12.4.21", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "26A3AB06-C773-47E2-9D59-F3B1F754C10D", "versionEndExcluding": "13.3.1", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to \"everybody.\" However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "TYPO3 es un framework de gesti\u00f3n de contenido gratuito y de c\u00f3digo abierto. Los usuarios del backend pod\u00edan ver elementos en el \u00e1rbol de p\u00e1ginas del backend sin tener acceso si los montajes apuntaban a p\u00e1ginas restringidas para su usuario/grupo, o si no se configuraban montajes pero las p\u00e1ginas permit\u00edan el acceso a \"todos\". Sin embargo, los usuarios afectados no pod\u00edan manipular estas p\u00e1ginas. Se recomienda a los usuarios que actualicen a las versiones 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 de TYPO3 que solucionan el problema descrito. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2024-47780", "lastModified": "2025-09-03T17:31:52.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-08T18:15:30.950", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-012"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}