php · typo3/cms-coreCritical
typo3/cms-core: Unauthorized file download via fallback storage in Media Module
Backend users with file download permissions could download files from the fallback storage of the file abstraction layer (FAL) via the Media Module, potentiall
What changed
Backend users with file download permissions could download files from the fallback storage of the file abstraction layer (FAL) via the Media Module, potentially exposing sensitive files like log files.
Who it affects
TYPO3 CMS versions before 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS.
What to do today
Update to TYPO3 versions 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS immediately.
The trail
Collected→
Audited→
Written→
Published