CVE-2024-34537

TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.9 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| mitre | CNA | --- | | | | --- |
| CISA-ADP | ADP | 4.9 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |

EPSS Score percentile: 58%

| Vendor | Product | Version |
|---|---|---|
| typo3 | typo3 | 10.0.0 ≤ 𝑥 < 10.4.46 |
| typo3 | typo3 | 11.0.0 ≤ 𝑥 < 11.5.40 |
| typo3 | typo3 | 12.0.0 ≤ 𝑥 < 12.4.21 |
| typo3 | typo3 | 13.0.0 ≤ 𝑥 < 13.3.1 |

𝑥 = Vulnerable software versions