Lucene search

GitHub Advisory DatabaseGHSA-4RPV-G4GQ-RH4M

HistoryMay 17, 2022 - 3:46 a.m.

TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component

2022-05-1703:46:18

CWE-200

GitHub Advisory Database

github.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.9%

JSON

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange≤6.1.6

typo3cms_poll_system_extensionRange≤6.0.11

typo3cms_poll_system_extensionRange≤4.7.16

typo3cms_poll_system_extensionRange≤4.5.31

CPENameOperatorVersion
typo3/cmsle6.1.6
typo3/cmsle6.0.11
typo3/cmsle4.7.16
typo3/cmsle4.5.31

Name	Operator	Version
typo3/cms	le	6.1.6
typo3/cms	le	6.0.11
typo3/cms	le	4.7.16
typo3/cms	le	4.5.31

References

lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html

lists.opensuse.org/opensuse-updates/2016-08/msg00083.html

lists.opensuse.org/opensuse-updates/2016-08/msg00106.html

seclists.org/oss-sec/2013/q4/473

seclists.org/oss-sec/2013/q4/487

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/

www.debian.org/security/2014/dsa-2834

github.com/advisories/GHSA-4rpv-g4gq-rh4m

nvd.nist.gov/vuln/detail/CVE-2013-7073

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.9%

JSON

Related for GHSA-4RPV-G4GQ-RH4M