TYPO3 CMS Backend API Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the TYPO3 CMS Backend API. Authenticated backend users could access file metadata through various API routes without proper permission checks. This flaw allowed users to retrieve files outside their authorized file mounts or storage areas. The vulnerability affects TYPO3 CMS versions prior to 10.4.57, as well as 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.

Impact

Exploitation of this vulnerability could lead to unauthorized access to file metadata and files outside of a user's permitted storage areas.

Reproduction

To reproduce this vulnerability, an authenticated backend user can send requests to the affected Backend API routes that handle file metadata. The API responds with file information without verifying whether the user has permission to access those files, so the response can include files from storage areas the user is not authorized for.
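The missing check described above is an authorization decision that should be taken after the requested file identifier is resolved: does the resolved file lie inside one of the user's file mounts in the requested storage? The example below is added here to illustrate that pattern; it is not TYPO3 code and does not reflect the actual fix. The combined identifier format ("storage uid:path"), the FileMount and BackendUser types, the metadata catalogue and the two handler functions are all constructed for this illustration. The vulnerable handler returns metadata for any resolvable identifier, the hardened one enforces the mount boundary on the normalized path so that ".." segments cannot escape the mount.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional

# Constructed sample catalogue (hypothetical): "<storage uid>:<path>" -> metadata
FILE_METADATA = {
    "1:/user_upload/team-a/report.pdf": {"size": 48213, "mime": "application/pdf"},
    "1:/user_upload/team-b/salaries.xlsx": {"size": 9034, "mime": "application/vnd.ms-excel"},
    "2:/archive/2019/backup.sql": {"size": 1200000, "mime": "application/sql"},
}


@dataclass(frozen=True)
class FileMount:
    """A user's allowed subtree inside one storage (hypothetical type)."""
    storage_uid: int
    base_path: str  # path inside the storage, e.g. "/user_upload/team-a"


@dataclass(frozen=True)
class BackendUser:
    """Minimal stand-in for an authenticated backend user (hypothetical type)."""
    name: str
    is_admin: bool
    file_mounts: tuple  # tuple of FileMount


def parse_identifier(identifier: str):
    """Split 'storage:path' and normalize the path.

    posixpath.normpath collapses '.', '..' and repeated slashes, so a
    traversal sequence is resolved before the mount test instead of being
    compared as a raw string.
    """
    storage, sep, path = identifier.partition(":")
    if not sep or not storage.isdigit():
        raise ValueError("malformed combined identifier")
    normalized = posixpath.normpath("/" + path.lstrip("/"))
    return int(storage), normalized


def is_within_mounts(user: BackendUser, storage_uid: int, path: str) -> bool:
    """True if the resolved path lies in one of the user's mounts for that storage."""
    if user.is_admin:
        return True
    for mount in user.file_mounts:
        base = posixpath.normpath(mount.base_path)
        same_storage = mount.storage_uid == storage_uid
        inside = path == base or path.startswith(base.rstrip("/") + "/")
        if same_storage and inside:
            return True
    return False


def metadata_vulnerable(user: BackendUser, identifier: str) -> Optional[dict]:
    """The pattern the advisory describes: authentication only, no mount check."""
    storage_uid, path = parse_identifier(identifier)
    return FILE_METADATA.get(f"{storage_uid}:{path}")


def metadata_fixed(user: BackendUser, identifier: str) -> Optional[dict]:
    """Hardened variant: deny anything outside the user's file mounts."""
    storage_uid, path = parse_identifier(identifier)
    if not is_within_mounts(user, storage_uid, path):
        return None  # a real route would answer 403 here
    return FILE_METADATA.get(f"{storage_uid}:{path}")


# Constructed users: ALICE is limited to one mount, ROOT is an admin.
ALICE = BackendUser("alice", False, (FileMount(1, "/user_upload/team-a"),))
ROOT = BackendUser("root", True, ())

if __name__ == "__main__":
    for ident in ("1:/user_upload/team-a/report.pdf",
                  "1:/user_upload/team-b/salaries.xlsx",
                  "1:/user_upload/team-a/../team-b/salaries.xlsx",
                  "2:/archive/2019/backup.sql"):
        print(ident, "vulnerable:", metadata_vulnerable(ALICE, ident) is not None,
              "fixed:", metadata_fixed(ALICE, ident) is not None)
```

The point of the normalization step is that the authorization test runs on the same path the storage layer would actually open; comparing the raw identifier against the mount prefix would accept a traversal identifier that starts with the mount path but resolves elsewhere.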

Remediation

Users are advised to update TYPO3 to versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS, all of which address this vulnerability.

Added: Jun 9, 2026, 11:25 AM
Updated: Jun 9, 2026, 11:25 AM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 9.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.