CVE-2010-3714 — TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism

Description

The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

How to fix CVE-2010-3714

To remediate CVE-2010-3714, upgrade the affected package to a fixed version below.

Debian/typo3-src—upgrade to 4.2.5-1+lenny6 or later
Packagist/typo3/cms—upgrade to 4.2.15 or later

Is CVE-2010-3714 being exploited?

Moderate — EPSS is 33.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 4.2.5-1+lenny6
>= 4.2.0, < 4.2.15

References (10)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2010-3714
PATCHgithub.com/TYPO3/typo3
WEBblog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
WEBgithub.com/TYPO3/typo3/commit/687b671c765eac10ffb764547bb403ac3ef55620