Lucene search

GitHub Advisory DatabaseGHSA-H47M-3F78-QP9G

HistoryFeb 13, 2024 - 5:23 p.m.

TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

2024-02-1317:23:31

CWE-200

GitHub Advisory Database

github.com

typo3

install tool

vulnerability

encryption key

information disclosure

http request

administrator account

system maintainer

update

elts

lts

security team

benjamin franzke

typo3-core-sa-2024-004

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Problem

The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions.

Solution

Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described.

Credits

Thanks to TYPO3 core & security team member Benjamin Franzke who fixed the issue.

References

TYPO3-CORE-SA-2024-004

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionMatch13.0.0

typo3cms_poll_system_extensionRange≤12.4.10

typo3cms_poll_system_extensionRange≤11.5.34

typo3cms_poll_system_extensionRange≤10.4.42

typo3cms_poll_system_extensionRange≤9.5.45

typo3cms_poll_system_extensionRange≤8.7.56

CPENameOperatorVersion
typo3/cms-coreeq13.0.0
typo3/cms-corele12.4.10
typo3/cms-corele11.5.34
typo3/cms-corele10.4.42
typo3/cms-corele9.5.45
typo3/cms-corele8.7.56