GoogleOSV:GHSA-8W3P-QH3X-6GJRTYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
0.001 Low
EPSS
Percentile
36.8%
Problem
Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors.
A valid backend user account having administrator privileges is needed to exploit this vulnerability.
Solution
Update to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.
References
References
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
nvd.nist.gov/vuln/detail/CVE-2022-23504
typo3.org/security/advisory/typo3-core-sa-2022-016
Related
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
0.001 Low
EPSS
Percentile
36.8%