Lucene search

FreeBSDD9E154C9-7DE9-11ED-ADCA-080027D3A315

HistoryDec 13, 2022 - 12:00 a.m.

typo3 -- multiple vulnerabilities

2022-12-1300:00:00

vuxml.freebsd.org

typo3

vulnerabilities

denial of service

weak authentication

session expiration

code execution

information disclosure

html sanitizer

yaml placeholder expressions

cross-site scripting protection

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.9%

JSON

TYPO3 reports:

TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling.
TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login.
TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset.
TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework.
TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration.
TYPO3-CORE-SA-2022-017: By-passing Cross-Site Scripting Protection in HTML Sanitizer.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchtypo3-11-php81< 11.5.20UNKNOWN
FreeBSDanynoarchtypo3-12-php81< 12.1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	typo3-11-php81	< 11.5.20	UNKNOWN
FreeBSD	any	noarch	typo3-12-php81	< 12.1.2	UNKNOWN

References

typo3.org/article/typo3-1211-11520-and-10433-security-releases-published

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.9%

JSON

Related for D9E154C9-7DE9-11ED-ADCA-080027D3A315