5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
0.001 Low
EPSS
Percentile
36.8%
TYPO3 is an open source PHP based web content management system. Versions
prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive
Information Disclosure. Due to the lack of handling user-submitted YAML
placeholder expressions in the site configuration backend module, attackers
could expose sensitive internal information, such as system configuration
or HTTP request messages of other website visitors. A valid backend user
account having administrator privileges is needed to exploit this
vulnerability. This issue has been patched in versions 9.5.38 ELTS,
10.4.33, 11.5.20, 12.1.1.