Lucene search

GitHub Advisory DatabaseGHSA-7GXQ-5QQC-V3FC

HistoryMay 17, 2022 - 5:08 a.m.

TYPO3 Open redirect vulnerability in the Access tracking mechanism

2022-05-1705:08:47

CWE-601

GitHub Advisory Database

github.com

typo3

open redirect

access tracking

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.005

Percentile

76.5%

JSON

Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected configurations

Vulners

Node

typo3cms-coreRange6.0.0–6.0.3

typo3cms-coreRange4.7.0–4.7.9

typo3cms-coreRange4.6.0–4.6.17

typo3cms-coreRange4.5.0–4.5.24

VendorProductVersionCPE
typo3cms-core*cpe:2.3:a:typo3:cms-core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	cms-core	*	cpe:2.3:a:typo3:cms-core::::::::

References

lists.opensuse.org/opensuse-updates/2013-03/msg00079.html

secunia.com/advisories/52433

secunia.com/advisories/52638

typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/

www.debian.org/security/2013/dsa-2646

www.openwall.com/lists/oss-security/2013/03/12/3

www.osvdb.org/90924

www.securityfocus.com/bid/58330

github.com/advisories/GHSA-7gxq-5qqc-v3fc

nvd.nist.gov/vuln/detail/CVE-2013-1843

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.005

Percentile

76.5%

JSON

Related for GHSA-7GXQ-5QQC-V3FC