CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
typo3/cms-core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to password hashes being inadvertently reflected in editing forms. An attacker can potentially crack plaintext passwords through brute force techniques.
github.com/TYPO3/typo3/commit/1186b2fec8a665a8f228ed66e6d60abf8407c17b
github.com/TYPO3/typo3/commit/c7a135c25a14b852eebe4335f21ba3c606188f3a
github.com/TYPO3/typo3/commit/cafc5af7fdce7734e6c8f9ecf2efd17b246fc049
github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w
typo3.org/security/advisory/typo3-core-sa-2024-003