TYPO3 CMS DataHandler Component Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the DataHandler component of TYPO3 CMS. It allows backend users to move records to a different page without having the necessary edit permissions on the source page. The vulnerability affects TYPO3 CMS versions from 13.0.0 up to but not including 13.4.31, and from 14.0.0 up to but not including 14.3.3.

Impact

Exploitation of this vulnerability could lead to unauthorized record movements between pages, potentially disrupting content management and workflow processes.

Reproduction

To reproduce this vulnerability, a backend user must attempt to move a record from a page where they do not have edit permissions to another page. This can be done using the DataHandler's moveRecord() function, which had been modified to simplify access checks. The vulnerability arises because one critical permission check was inadvertently removed during a previous refactoring, allowing unauthorized record movements.
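The missing check described above, modelled as an added example for regression testing; this is not TYPO3 source code. The permission bits, function names and page ids are assumptions made for illustration, including the assumption that the destination page is checked in both forms.

```php
<?php
declare(strict_types=1);

// Simplified model of a move authorization check. Not TYPO3 code:
// the permission bits and all function names below are hypothetical.
const PERM_SHOW = 1;
const PERM_EDIT = 2;

// Constructed sample data: page id => permission bits held by one backend user.
$userPagePerms = [
    10 => PERM_SHOW,              // readable only
    20 => PERM_SHOW | PERM_EDIT,  // editable
    30 => PERM_SHOW | PERM_EDIT,  // editable
];

function hasPerm(array $perms, int $pageId, int $bit): bool
{
    // Pages missing from the map grant nothing (deny by default).
    return (($perms[$pageId] ?? 0) & $bit) === $bit;
}

// Regressed form: only the destination page is checked.
function mayMoveRegressed(array $perms, int $sourcePid, int $targetPid): bool
{
    return hasPerm($perms, $targetPid, PERM_EDIT);
}

// Corrected form: a move takes the record away from the source page,
// so edit rights are required on both ends.
function mayMoveFixed(array $perms, int $sourcePid, int $targetPid): bool
{
    return hasPerm($perms, $sourcePid, PERM_EDIT)
        && hasPerm($perms, $targetPid, PERM_EDIT);
}

// Regression matrix: label => [source page, target page, expected decision].
$cases = [
    'read-only source -> editable target' => [10, 20, false],
    'editable source -> editable target'  => [30, 20, true],
    'editable source -> read-only target' => [20, 10, false],
    'unknown source -> editable target'   => [99, 20, false],
];

foreach ($cases as $label => [$src, $dst, $expected]) {
    $regressed = mayMoveRegressed($userPagePerms, $src, $dst);
    $fixed = mayMoveFixed($userPagePerms, $src, $dst);
    printf("%-38s regressed=%-5s fixed=%-5s %s\n", $label,
        var_export($regressed, true), var_export($fixed, true),
        $fixed === $expected ? 'ok' : 'MISMATCH');
}
```

The first and last rows are the ones where the two forms disagree. A permission test suite that only covers moves between editable pages, or moves into a read-only page, passes against both forms and would not catch the removed check.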

Remediation

Users are advised to update TYPO3 to versions 13.4.31 LTS or 14.3.3 LTS, which address this vulnerability.

Added: Jun 9, 2026, 11:27 AM
Updated: Jun 9, 2026, 11:27 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 9.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.