GitHub_MCVELIST:CVE-2022-23501CVE-2022-23501 TYPO3 vulnerable to Improper Authentication in Frontend Login
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.2%
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
CNA Affected
[
{
"vendor": "TYPO3",
"product": "typo3",
"versions": [
{
"version": ">= 8.0.0, < 8.7.49",
"status": "affected"
},
{
"version": ">= 9.0.0, < 9.5.38",
"status": "affected"
},
{
"version": ">= 10.0.0, < 10.4.33",
"status": "affected"
},
{
"version": ">= 11.0.0, < 11.5.20",
"status": "affected"
},
{
"version": ">= 12.0.0, < 12.1.1",
"status": "affected"
}
]
}
]Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.2%