CVE-2024-55894 (GCVE-0-2024-55894)
Vulnerability from cvelistv5
Published
2025-01-14 19:57
Modified
2025-05-20 17:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
  • CWE-749 - Exposed Dangerous Method or Function
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Backend User Module” allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described.
References
Impacted products
Vendor Product Version
TYPO3 typo3 Version: >= 10.0.0, < 10.4.48
Version: >= 11.0.0, < 11.5.42
Version: >= 12.0.0, < 12.4.25
Version: >= 13.0.0, < 13.4.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-55894",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T15:45:57.430970Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T15:46:08.424Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "typo3",
          "vendor": "TYPO3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.4.48"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.5.42"
            },
            {
              "status": "affected",
              "version": "\u003e= 12.0.0, \u003c 12.4.25"
            },
            {
              "status": "affected",
              "version": "\u003e= 13.0.0, \u003c 13.4.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cBackend User Module\u201d allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T17:58:00.457Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v"
        },
        {
          "name": "https://github.com/TYPO3-CMS/beuser/commit/18603efc3a66d3255fdd04eb6bda6b4d6a95abea",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/TYPO3-CMS/beuser/commit/18603efc3a66d3255fdd04eb6bda6b4d6a95abea"
        },
        {
          "name": "https://github.com/TYPO3-CMS/beuser/commit/1bb317cb2bc0b2f6ba4f758a088f060b36c67f9d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/TYPO3-CMS/beuser/commit/1bb317cb2bc0b2f6ba4f758a088f060b36c67f9d"
        },
        {
          "name": "https://github.com/TYPO3-CMS/beuser/commit/4142112a878f8805234729751bc6b9c0091560ab",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/TYPO3-CMS/beuser/commit/4142112a878f8805234729751bc6b9c0091560ab"
        },
        {
          "name": "https://typo3.org/security/advisory/typo3-core-sa-2025-004",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-004"
        }
      ],
      "source": {
        "advisory": "GHSA-6w4x-gcx3-8p7v",
        "discovery": "UNKNOWN"
      },
      "title": "TYPO3 Cross-Site Request Forgery in Backend User Module"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-55894",
    "datePublished": "2025-01-14T19:57:28.172Z",
    "dateReserved": "2024-12-12T15:03:39.206Z",
    "dateUpdated": "2025-05-20T17:58:00.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-55894\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-01-14T20:15:29.380\",\"lastModified\":\"2025-05-20T18:15:44.700\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cBackend User Module\u201d allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described.\"},{\"lang\":\"es\",\"value\":\"TYPO3 es un framework gestor de contenidos gratuito y de c\u00f3digo abierto. Se ha identificado una vulnerabilidad en la funcionalidad de la interfaz de usuario del backend que involucra enlaces profundos. Espec\u00edficamente, esta funcionalidad es susceptible a Cross-Site Request Forgery (CSRF). Adem\u00e1s, las acciones de cambio de estado en los componentes posteriores aceptaron incorrectamente los env\u00edos a trav\u00e9s de HTTP GET y no aplicaron el m\u00e9todo HTTP apropiado. La explotaci\u00f3n exitosa de esta vulnerabilidad requiere que la v\u00edctima tenga una sesi\u00f3n activa en la interfaz de usuario del backend y sea enga\u00f1ada para interactuar con una URL maliciosa dirigida al backend, lo que puede ocurrir bajo las siguientes condiciones: El usuario abre un enlace malicioso, como uno enviado por correo electr\u00f3nico. El usuario visita un sitio web comprometido o manipulado mientras las siguientes configuraciones est\u00e1n mal configuradas: 1. La funci\u00f3n `security.backend.enforceReferrer` est\u00e1 deshabilitada, 2. La configuraci\u00f3n `BE/cookieSameSite` est\u00e1 establecida en lax o ninguna. La vulnerabilidad en el componente posterior afectado \\\"Backend User Module\\\" permite a los atacantes iniciar restablecimientos de contrase\u00f1as para otros usuarios del backend o finalizar sus sesiones de usuario. Se recomienda a los usuarios actualizar a las versiones TYPO3 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS que solucionan el problema descrito.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"},{\"lang\":\"en\",\"value\":\"CWE-749\"}]}],\"references\":[{\"url\":\"https://github.com/TYPO3-CMS/beuser/commit/18603efc3a66d3255fdd04eb6bda6b4d6a95abea\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/TYPO3-CMS/beuser/commit/1bb317cb2bc0b2f6ba4f758a088f060b36c67f9d\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/TYPO3-CMS/beuser/commit/4142112a878f8805234729751bc6b9c0091560ab\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://typo3.org/security/advisory/typo3-core-sa-2025-004\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-55894\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-15T15:45:57.430970Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-15T15:46:02.349Z\"}}], \"cna\": {\"title\": \"TYPO3 Cross-Site Request Forgery in Backend User Module\", \"source\": {\"advisory\": \"GHSA-6w4x-gcx3-8p7v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"TYPO3\", \"product\": \"typo3\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 10.0.0, \u003c 10.4.48\"}, {\"status\": \"affected\", \"version\": \"\u003e= 11.0.0, \u003c 11.5.42\"}, {\"status\": \"affected\", \"version\": \"\u003e= 12.0.0, \u003c 12.4.25\"}, {\"status\": \"affected\", \"version\": \"\u003e= 13.0.0, \u003c 13.4.3\"}]}], \"references\": [{\"url\": \"https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v\", \"name\": \"https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/TYPO3-CMS/beuser/commit/18603efc3a66d3255fdd04eb6bda6b4d6a95abea\", \"name\": \"https://github.com/TYPO3-CMS/beuser/commit/18603efc3a66d3255fdd04eb6bda6b4d6a95abea\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/TYPO3-CMS/beuser/commit/1bb317cb2bc0b2f6ba4f758a088f060b36c67f9d\", \"name\": \"https://github.com/TYPO3-CMS/beuser/commit/1bb317cb2bc0b2f6ba4f758a088f060b36c67f9d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/TYPO3-CMS/beuser/commit/4142112a878f8805234729751bc6b9c0091560ab\", \"name\": \"https://github.com/TYPO3-CMS/beuser/commit/4142112a878f8805234729751bc6b9c0091560ab\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://typo3.org/security/advisory/typo3-core-sa-2025-004\", \"name\": \"https://typo3.org/security/advisory/typo3-core-sa-2025-004\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \\u201cBackend User Module\\u201d allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-749\", \"description\": \"CWE-749: Exposed Dangerous Method or Function\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-05-20T17:58:00.457Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-55894\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-20T17:58:00.457Z\", \"dateReserved\": \"2024-12-12T15:03:39.206Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-01-14T19:57:28.172Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.