Low severity3.1NVD Advisory· Published Oct 8, 2024· Updated Jun 17, 2026
CVE-2024-47780
CVE-2024-47780
Description
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cms-backendPackagist | >= 13.0.0, < 13.3.1 | 13.3.1 |
typo3/cms-backendPackagist | >= 12.0.0, < 12.4.21 | 12.4.21 |
typo3/cms-backendPackagist | >= 11.0.0, < 11.5.40 | 11.5.40 |
typo3/cms-backendPackagist | >= 10.0.0, < 10.4.46 | 10.4.46 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6qnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-rf5m-h8q9-9w6qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-47780ghsaADVISORY
- typo3.org/security/advisory/typo3-core-sa-2024-012nvdVendor AdvisoryWEB
- github.com/TYPO3-CMS/backend/commit/8b024b08a2c7071a2f2ff7c758766e4e9273f83cghsaWEB
- github.com/TYPO3-CMS/backend/commit/9ae1ef969b63292a13f80955a95713cabd45cc22ghsaWEB
- github.com/TYPO3-CMS/backend/commit/a7b3c924014ada61632cd5e3fb9825fcc86c5719ghsaWEB
News mentions
0No linked articles in our index yet.