Lucene search

K
cvelistGitHub_MCVELIST:CVE-2022-23501
HistoryDec 14, 2022 - 7:23 a.m.

CVE-2022-23501 TYPO3 vulnerable to Improper Authentication in Frontend Login

2022-12-1407:23:46
CWE-287
GitHub_M
www.cve.org

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

CNA Affected

[
  {
    "vendor": "TYPO3",
    "product": "typo3",
    "versions": [
      {
        "version": ">= 8.0.0, < 8.7.49",
        "status": "affected"
      },
      {
        "version": ">= 9.0.0, < 9.5.38",
        "status": "affected"
      },
      {
        "version": ">= 10.0.0, < 10.4.33",
        "status": "affected"
      },
      {
        "version": ">= 11.0.0, < 11.5.20",
        "status": "affected"
      },
      {
        "version": ">= 12.0.0, < 12.1.1",
        "status": "affected"
      }
    ]
  }
]

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%