Typo3 Information Disclosure in Page Tree · GHSA-h934-f4m4-wc8x · GitHub Advisory Database · GitHub

Typo3 Information Disclosure in Page Tree

Low severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Package

typo3/cms (Composer)

Affected versions

>= 9.0.0, < 9.5.6

Patched versions

9.5.6

Description

It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability.

References

Published to the GitHub Advisory Database Jun 5, 2024

Reviewed Jun 5, 2024

Last updated Jun 5, 2024