CVE-2024-55923
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-55923 is a Cross-Site Request Forgery (CSRF) vulnerability in the TYPO3 Content Management Framework. Deep links into the backend user interface could be crafted so that a logged-in backend user who follows a malicious URL unknowingly triggers an action; downstream components handled state-changing actions incorrectly, and in the Indexed Search module this allowed an attacker to delete items with a plain HTTP GET request instead of the non-idempotent request method the action should have required. Update to TYPO3 11.5.42 ELTS, 12.4.25 LTS, or 13.4.3 LTS, whichever branch is in use; no workaround is known. The issue is made worse when the `security.backend.enforceReferrer` feature is disabled and `BE/cookieSameSite` is set to lax or none, because in that configuration the backend session cookie is still sent with a cross-site top-level navigation (SameSite=Lax permits cookies on such GET navigations) and the referrer check that would reject the forged request is switched off.
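The pattern behind this class of issue, shown as an added illustration that is not TYPO3 core code and not the Indexed Search module's actual implementation: the handler names, route parameters and callback are hypothetical; only the two configuration keys at the end are real TYPO3 settings.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 core code. handleDeleteVulnerable,
// handleDeleteHardened, the query/post parameter names and $deleteById are
// hypothetical; only the two $GLOBALS['TYPO3_CONF_VARS'] keys at the bottom
// are real TYPO3 configuration.

// Vulnerable pattern: a deep link such as
//   /typo3/some-module?action=delete&id=42
// performs the deletion on a plain GET. A page on any origin can embed that
// URL in a link or <img src>; the browser attaches the backend session cookie
// (with SameSite=Lax, on a top-level navigation) and the record is deleted.
function handleDeleteVulnerable(array $query, callable $deleteById): bool
{
    if (($query['action'] ?? '') === 'delete' && isset($query['id'])) {
        $deleteById((int)$query['id']);   // state change on a GET: forgeable cross-site
        return true;
    }
    return false;
}

// Hardened pattern: a state-changing action is accepted only on POST and must
// carry a token bound to the user's session. A forged GET deep link can no
// longer reach the deletion, and a forged POST from another origin does not
// know the token.
function handleDeleteHardened(string $method, array $post, string $sessionToken, callable $deleteById): bool
{
    if ($method !== 'POST') {
        return false;                     // deep links are GETs: never state-changing
    }
    $submitted = (string)($post['csrf_token'] ?? '');
    if ($submitted === '' || !hash_equals($sessionToken, $submitted)) {
        return false;                     // constant-time comparison, no timing leak
    }
    $deleteById((int)($post['id'] ?? 0));
    return true;
}

// Offline demonstration with constructed input (no real records involved).
$deleted = [];
$deleteById = static function (int $id) use (&$deleted): void { $deleted[] = $id; };
$sessionToken = bin2hex(random_bytes(32));   // issued once per backend session, rendered into forms

// 1. The forged deep link succeeds against the vulnerable handler ...
handleDeleteVulnerable(['action' => 'delete', 'id' => '42'], $deleteById);
// 2. ... and the same forged GET is rejected by the hardened one.
handleDeleteHardened('GET', ['action' => 'delete', 'id' => '42'], $sessionToken, $deleteById);
// 3. A cross-site POST that has to guess the token is rejected too.
handleDeleteHardened('POST', ['id' => '42', 'csrf_token' => 'guess'], $sessionToken, $deleteById);
// 4. Only the genuine form submission carrying the session token deletes.
handleDeleteHardened('POST', ['id' => '43', 'csrf_token' => $sessionToken], $sessionToken, $deleteById);
var_dump($deleted);

// Deployment side (these two lines belong in the instance's configuration,
// e.g. settings.php or LocalConfiguration.php): keep the backend referrer
// check enabled and do not relax the backend cookie's SameSite attribute, so a
// cross-site navigation neither carries the session cookie nor passes the
// referrer check. This narrows exposure of the GET path; it is not a
// substitute for updating to a fixed release.
$GLOBALS['TYPO3_CONF_VARS']['SYS']['features']['security.backend.enforceReferrer'] = true;
$GLOBALS['TYPO3_CONF_VARS']['BE']['cookieSameSite'] = 'strict';
```

The deciding check in the hardened handler is the method test: it makes the deep-link vector structurally impossible, while the session-bound token covers forged POSTs. The two configuration keys are the ones the advisory names as aggravating factors when set the other way; verify their values on any instance that cannot be updated immediately, and treat them as defence in depth rather than as a fix.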
Affected Products
- TYPO3
Affected Vendors
- TYPO3