php · typo3/cms-coreHeads-up
typo3/cms-core: Backend users could move records without source edit permissions
Backend users could move records to a different page without edit permissions on the source page.
What changed
Backend users could move records to a different page without edit permissions on the source page. Fixed in TYPO3 versions 13.4.31 LTS and 14.3.3 LTS.
Who it affects
All TYPO3 installations with backend users who have move permissions but not edit permissions on source pages.
What to do today
Update to TYPO3 13.4.31 LTS or 14.3.3 LTS to fix the vulnerability.
The trail
Collected→
Audited→
Written→
Published