Professional Content Management

Free and open source, TYPO3 CMS is the most widely used enterprise-level CMS.

Test TYPO3 now:

TYPO3 live demo

Inspire people to share

Offer your skills and contribute to the project. The community is growing and does more than just coding. 

A Community Effort

TYPO3 CMS is an Open Source project managed by the TYPO3 Association.

The Project

Do you have a question?

Ask the community or a professional partner.

Privilege Escalation in TYPO3 Neos

It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation.
Component Type: TYPO3 Neos Release Date: March 28, 2015 Bulletin Update: none

Vulnerability Type: Authentication Bypass

Affected Versions: 1.1.0 to 1.1.2 and 1.2.0 to 1.2.2 Severity: Low Suggested CVSS v2.0: <link http: nvd.nist.gov _blank>AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C CVE: not assigned yet Problem Description: It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors. Solution: Update to TYPO3 Neos versions 1.1.3 or 1.2.3 that fix the problem described. Credits: Thanks to Robert Lemke who discovered and to Andreas Förthner who reported and fixed the vulnerability. General Advice: Please subscribe to the <link http: lists.typo3.org cgi-bin mailman listinfo typo3-announce>typo3-announce mailing list.

Latest news

Show more