CVE-2023-30451: Path Traversal
First published: Mon Dec 25 2023(Updated: )
## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w6x2-jg8h-p6mp. This link is maintained to preserve external references. ## Original Description In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST `/typo3/record/edit` with `../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]`.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/typo3/cms-core | =11.5.24 | |
| composer/typo3/cms-core | =13.0.0 | 13.0.1 |
| composer/typo3/cms-core | >=12.0.0<=12.4.10 | 12.4.11 |
| composer/typo3/cms-core | >=11.0.0<=11.5.34 | 11.5.35 |
| composer/typo3/cms-core | >=10.0.0<=10.4.42 | 10.4.43 |
| composer/typo3/cms-core | >=9.0.0<=9.5.45 | 9.5.46 |
| composer/typo3/cms-core | >=8.0.0<=8.7.56 | 8.7.57 |
| TYPO3 | =11.5.24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-30451
- https://github.com/advisories/GHSA-3gjc-mp82-fj4q (Advisory)
- https://github.com/TYPO3/typo3/security/advisories/GHSA-w6x2-jg8h-p6mp
- https://typo3.org/security/advisory/typo3-core-sa-2024-001
- https://github.com/TYPO3/typo3/commit/205115cca3d67594a12d0195c937da0e51eb494a
- https://github.com/TYPO3/typo3/commit/78fb9287a2f0487c39288070cb0493a5265f1789
- https://github.com/TYPO3/typo3/commit/accf537c7379b4359bc0f957c4d0c07baddd710a
- https://github.com/advisories/GHSA-w6x2-jg8h-p6mp (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-30451?
CVE-2023-30451 has been designated as a duplicate advisory and does not have a severity rating as it refers to a previously reported vulnerability.
How do I fix CVE-2023-30451?
To remediate CVE-2023-30451, upgrade TYPO3 to version 11.5.35, 12.4.11, 13.0.1 or to the latest available version.
What software versions are affected by CVE-2023-30451?
CVE-2023-30451 affects TYPO3 version 11.5.24 and may also impact versions prior to the remedial updates.
Who is impacted by CVE-2023-30451?
Administrators using TYPO3 version 11.5.24 are impacted by CVE-2023-30451 due to vulnerabilities in the filelist component.
What kind of vulnerability is CVE-2023-30451?
CVE-2023-30451 has been withdrawn but is related to path traversal vulnerabilities in TYPO3.
- agent/author
- agent/type
- agent/first-publish-date
- agent/weakness
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-3gjc-mp82-fj4q
- agent/software-canonical-lookup
- agent/severity
- agent/event
- alias/GHSA-w6x2-jg8h-p6mp
- alias/CVE-2023-30451
- agent/references
- collector/github-advisory
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/composer
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/11.5.24