Back end users can list files outside their file mounts or the document root in the FileSelector widget.
Update to Contao 4.13.49.
None.
https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget
If you have any questions or comments about this advisory, open an issue in contao/contao.
Thanks to Jakob Steeg from usd AG for reporting this vulnerability.
| Score | Percentile |
|---|---|
| 0.75% | 72.64% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 4.3 | 3.1 | — |
|
| 5.3 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-4p75-5p53-65m9 ↗ |
| CVE | CVE-2024-45604 ↗ |
| CWE id | Name |
|---|---|
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| composer | contao/core-bundle | < 4.13.49 | 4.13.49 | — |