Security Advisories - typo3/cms-core

typo3/cms-core Security Advisories for v12.4.2 (11)

[MEDIUM] TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

PKSA-tm11-834c-1wbq CVE-2024-34358 GHSA-36g8-62qv-5957

Affected version: >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47

Reported by:
GitHub
[MEDIUM] TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController

PKSA-443h-dk5w-qm2g CVE-2024-34357 GHSA-hw6c-6gwq-3m3m

Affected version: >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47

Reported by:
GitHub
[MEDIUM] TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module

PKSA-8vkj-4d3h-x586 CVE-2024-34356 GHSA-v6mw-h7w6-59w3

Affected version: >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47

Reported by:
GitHub
[HIGH] TYPO3 Install Tool vulnerable to Code Execution

PKSA-prgj-sgzn-q6cs CVE-2024-22188 GHSA-5w2h-59j3-8x5w

Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56

Reported by:
GitHub
[MEDIUM] Path Traversal in TYPO3 File Abstraction Layer Storages

PKSA-zz7z-6zsy-d2hc CVE-2023-30451 GHSA-w6x2-jg8h-p6mp

Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56

Reported by:
GitHub
[HIGH] TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler

PKSA-99mg-htb6-c272 CVE-2024-25121 GHSA-rj3x-wvc6-5j66

Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56

Reported by:
GitHub
[MEDIUM] TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme

PKSA-h5xk-8nxx-znp4 CVE-2024-25120 GHSA-wf85-8hx9-gj7c

Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56

Reported by:
GitHub
[MEDIUM] TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

PKSA-d551-hdqh-5mmf CVE-2024-25119 GHSA-h47m-3f78-qp9g

Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56

Reported by:
GitHub
[MEDIUM] TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords

PKSA-jbhx-knzt-5y6m CVE-2024-25118 GHSA-38r2-5695-334w

Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56

Reported by:
GitHub
[MEDIUM] TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling

PKSA-jp7z-h3vv-yr4s CVE-2023-47127 GHSA-3vmm-7h4j-69rm

Affected version: >=8.0.0,<8.7.55|>=9.0.0,<9.5.44|>=10.0.0,<10.4.41|>=11.0.0,<11.5.33|>=12.0.0,<12.4.8

Reported by:
GitHub, FriendsOfPHP/security-advisories
[LOW] Information Disclosure due to Out-of-scope Site Resolution

PKSA-83hy-ynvj-7pfq CVE-2023-38499 GHSA-jq6g-4v5m-wm9r

Affected version: >=12.0.0,<12.4.4|>=11.0.0,<11.5.30|>=10.0.0,<10.4.39|>=9.4.0,<9.5.42

Reported by:
GitHub

typo3/cms-core Security Advisories for v12.4.2 (11)

[MEDIUM] TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

[MEDIUM] TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController

[MEDIUM] TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module

[HIGH] TYPO3 Install Tool vulnerable to Code Execution

[MEDIUM] Path Traversal in TYPO3 File Abstraction Layer Storages

[HIGH] TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler

[MEDIUM] TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme

[MEDIUM] TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

[MEDIUM] TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords

[MEDIUM] TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling

[LOW] Information Disclosure due to Out-of-scope Site Resolution