FreeBSD: D9E154C9-7DE9-11ED-ADCA-080027D3A315
Dec 13, 2022 - 12:00 a.m.

typo3 -- multiple vulnerabilities

2022-12-13 00:00:00
vuxml.freebsd.org
typo3
vulnerabilities
denial of service
weak authentication
session expiration
code execution
information disclosure
html sanitizer
yaml placeholder expressions
cross-site scripting protection

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 39.0%

TYPO3 reports:

TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling.
TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login.
TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset.
TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework.
TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration.
TYPO3-CORE-SA-2022-017: By-passing Cross-Site Scripting Protection in HTML Sanitizer.

OS | Version | Architecture | Package | Version | Filename
FreeBSD | any | noarch | typo3-11-php81 | < 11.5.20 | UNKNOWN
FreeBSD | any | noarch | typo3-12-php81 | < 12.1.2 | UNKNOWN
