Lucene search

OpenJS FoundationFRIENDSOFPHP:TYPO3:CMS-CORE:CVE-2022-23504

HistoryDec 13, 2022 - 9:19 a.m.

TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

2022-12-1309:19:27

OpenJS Foundation

github.com

typo3

security advisory

information disclosure

yaml placeholder

site configuration

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.8%

JSON

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-016

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<12.1.1

CPENameOperatorVersion
typo3/cms-corelt12.1.1

CPE	Name	Operator	Version
	typo3/cms-core	lt	12.1.1

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for FRIENDSOFPHP:TYPO3:CMS-CORE:CVE-2022-23504