Lucene search

GitHub Advisory DatabaseGHSA-2WGG-C8XC-7GG3

HistoryMay 02, 2022 - 3:46 a.m.

TYPO3 Backend Discloses Encryption Key

2022-05-0203:46:56

CWE-200

GitHub Advisory Database

github.com

typo3

backend

encryption

disclosure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

54.7%

JSON

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.

Affected configurations

Vulners

Node

typo3another_backend_loginRange4.3alpha1–4.3beta2

typo3another_backend_loginRange4.2.0–4.2.10

typo3another_backend_loginRange4.1.0–4.1.13

typo3another_backend_loginRange≤4.0.13

VendorProductVersionCPE
typo3another_backend_login*cpe:2.3:a:typo3:another_backend_login:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	another_backend_login	*	cpe:2.3:a:typo3:another_backend_login::::::::

References

marc.info/?l=oss-security&m=125632856206736&w=2

typo3.org/teams/security/security-bulletins/typo3-sa-2009-016

exchange.xforce.ibmcloud.com/vulnerabilities/53917

github.com/advisories/GHSA-2wgg-c8xc-7gg3

nvd.nist.gov/vuln/detail/CVE-2009-3628

web.archive.org/web/20101223093042/www.securityfocus.com/bid/36801

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

54.7%

JSON

Related for GHSA-2WGG-C8XC-7GG3