TYPO3 CMS
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*
- >= 9.0.0, <= 9.5.54
- >= 10.0.0, <= 10.4.53
- >= 11.0.0, <= 11.5.47
- >= 12.0.0, <= 12.4.36
- >= 13.0.0, <= 13.4.17
A broken access control vulnerability has been identified in the Workspace Module of TYPO3 CMS. This issue affects versions 9.0.0 through 9.5.54, 10.0.0 through 10.4.53, 11.0.0 through 11.5.47, 12.0.0 through 12.4.36, and 13.0.0 through 13.4.17. The vulnerability arises from missing authorization checks in dedicated AJAX routes used by TYPO3 backend modules. As a result, authenticated backend users can directly invoke these routes without the necessary permissions, potentially leading to unauthorized disclosure, modification, or deletion of sensitive information.
Exploitation requires a valid backend login but not access to the affected module: because the AJAX routes did not inherit the module's access restrictions, any authenticated backend user could invoke them directly, bypassing module-level access controls to read, modify, or delete the data those routes expose. The issue is not reachable without backend credentials.
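The pattern behind this class of bug, as an added illustration that is not TYPO3's own code: a backend AJAX route registered for a module, with a handler that performs no permission check beside one that enforces the module's access rights explicitly. The route identifier, controller class, module identifier and sample data are hypothetical; the route-file shape, `$GLOBALS['BE_USER']`, `BackendUserAuthentication::check('modules', ...)`, `isAdmin()` and `TYPO3\CMS\Core\Http\JsonResponse` are real TYPO3 APIs.

```php
<?php
// Added illustration, not TYPO3 core or extension code.
// Hypothetical names: route id, controller class, module identifier, sample records.
declare(strict_types=1);

namespace Vendor\Example\Controller;

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Http\JsonResponse;

// Configuration/Backend/AjaxRoutes.php (shape used by TYPO3 backend extensions):
//
// return [
//     'example_workspace_records' => [
//         'path'   => '/example/workspace/records',
//         'target' => WorkspaceAjaxController::class . '::listRecords',
//     ],
// ];
//
// A route registered this way only requires a backend session. Nothing ties it
// to the backend module whose UI calls it, so unless the handler checks the
// module permission itself, every backend user can call it directly.

final class WorkspaceAjaxController
{
    // Hypothetical identifier of the backend module this route belongs to.
    private const MODULE_ID = 'example_workspaces';

    // BEFORE (vulnerable pattern): any authenticated backend user may call this,
    // even when the module itself is hidden from them by access rights.
    public function listRecordsUnchecked(ServerRequestInterface $request): ResponseInterface
    {
        return new JsonResponse(['records' => $this->loadRecords($request)]);
    }

    // AFTER (hardened pattern): the handler enforces the same permission as the
    // module. check('modules', $id) answers "may this user access module $id";
    // administrators are allowed unconditionally, matching module behaviour.
    public function listRecords(ServerRequestInterface $request): ResponseInterface
    {
        $backendUser = $GLOBALS['BE_USER'];
        if (!$backendUser->isAdmin() && !$backendUser->check('modules', self::MODULE_ID)) {
            return new JsonResponse(['error' => 'Access to module denied'], 403);
        }
        return new JsonResponse(['records' => $this->loadRecords($request)]);
    }

    // Placeholder for the real data access; returns constructed sample data.
    private function loadRecords(ServerRequestInterface $request): array
    {
        return [['uid' => 1, 'title' => 'Draft page']];
    }
}
```

The fixed core releases make routes inherit module permissions at the routing layer. Third-party extensions that register their own AJAX routes cannot rely on that for older branches, so an explicit check in the handler, as above, remains the portable defence.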
Update TYPO3 to 9.5.55 ELTS, 10.4.54 ELTS, 11.5.48 ELTS, 12.4.37 LTS, or 13.4.18 LTS. These releases add the missing access controls to the AJAX routes so that they inherit the permissions of the corresponding backend modules. Note that the 9.5, 10.4 and 11.5 fixes are ELTS (Extended Long Term Support) releases; installations on those branches without an ELTS subscription do not receive them and should move to a supported LTS branch.
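A triage helper, added here and not part of the advisory, that maps an installed TYPO3 version to the ranges listed above and names the release to upgrade to. The affected ranges and fix releases are copied from this advisory; the sample version strings are constructed input.

```php
<?php
// Added triage helper, not part of the advisory or of TYPO3.
// Ranges and fix releases copied from the advisory; sample versions are constructed.
declare(strict_types=1);

/** Per major branch: [first affected, last affected, fixed release]. */
const TYPO3_AFFECTED_BRANCHES = [
    9  => ['9.0.0',  '9.5.54',  '9.5.55 ELTS'],
    10 => ['10.0.0', '10.4.53', '10.4.54 ELTS'],
    11 => ['11.0.0', '11.5.47', '11.5.48 ELTS'],
    12 => ['12.0.0', '12.4.36', '12.4.37 LTS'],
    13 => ['13.0.0', '13.4.17', '13.4.18 LTS'],
];

/**
 * Classifies an installed version against this advisory.
 * Pre-release suffixes such as "13.4.0-dev" are ordered by PHP's
 * version_compare() below the corresponding final release, so a dev
 * build of an affected branch is reported as affected.
 */
function typo3AdvisoryStatus(string $installed): string
{
    if (!preg_match('/^\d+\.\d+\.\d+/', $installed)) {
        throw new InvalidArgumentException("Not a TYPO3 version string: $installed");
    }
    $major = (int) strtok($installed, '.');
    if (!isset(TYPO3_AFFECTED_BRANCHES[$major])) {
        return 'branch not covered by this advisory';
    }
    [$first, $last, $fix] = TYPO3_AFFECTED_BRANCHES[$major];
    $affected = version_compare($installed, $first, '>=')
        && version_compare($installed, $last, '<=');
    return $affected
        ? "affected, upgrade to $fix"
        : "not affected ($fix or later)";
}

// Constructed sample input covering both ends of the ranges and an unlisted branch.
foreach (['12.4.36', '12.4.37', '13.4.0-dev', '9.5.55', '14.0.0'] as $version) {
    printf("%-11s %s\n", $version, typo3AdvisoryStatus($version));
}
```

The installed version of a Composer-based site can be read with `composer show typo3/cms-core`; pass that value to `typo3AdvisoryStatus()`. Note that a version above the last affected release but on a branch older than the fix release (for example a 9.x site that never received ELTS updates) is still reported as affected.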