php · typo3/cms-coreHeads-up
typo3/cms-core: Recycler module privilege escalation fix
Backend users with Recycler module access could restore soft-deleted records on unauthorized pages or tables.
What changed
Backend users with Recycler module access could restore soft-deleted records on unauthorized pages or tables. Fixed in TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS.
Who it affects
TYPO3 instances with Recycler module enabled and backend users with access to it.
What to do today
Update to one of the patched versions: 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS.
The trail
Collected→
Audited→
Written→
Published