TYPO3 vulnerable to Weak Authentication in Session Handling

🗓️ 14 Nov 2023 18:30:21Reported by GitHub Advisory DatabaseType

TYPO3 Weak Authentication Session Handling vulnerabilit

Reporter	Title	Published	Views	Family All 17
CNNVD	TYPO3 Security Vulnerabilities	14 Nov 202300:00	–	cnnvd
CVE	CVE-2023-47127	14 Nov 202319:26	–	cve
Cvelist	CVE-2023-47127 Weak Authentication in Session Handling in typo3/cms-core	14 Nov 202319:26	–	cvelist
EUVD	EUVD-2023-2865	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : typo3 -- Multiple vulnerabilities (7cc003cb-83b9-11ee-957d-b42e991fc52e)	15 Nov 202300:00	–	nessus
Tenable Nessus	TYPO3 8.0.0 < 8.7.55 ELTS / 9.0.0 < 9.5.44 ELTS / 10.0.0 < 10.4.41 ELTS / 11.0.0 < 11.5.33 / 12.0.0 < 12.4.8 (TYPO3-CORE-SA-2023-006)	14 Nov 202300:00	–	nessus
Friends Of PHP	TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling	14 Nov 202309:58	–	friendsofphp
NCSC	Vulnerabilities fixed in TYPO3 Core	14 Nov 202300:00	–	ncsc
NVD	CVE-2023-47127	14 Nov 202320:15	–	nvd
OSV	BIT-TYPO3-2023-47127	6 Mar 202411:07	–	osv

Vulners

Node

typo3 cms-coreRange12.0.0–12.4.7composer

typo3 cms-coreRange11.0.0–11.5.32composer

typo3 cms-coreRange10.0.0–10.4.40composer

typo3 cms-coreRange9.0.0–9.5.43composer

typo3 cms-coreRange8.0.0–8.7.54composer

Source	Link
github	www.github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm
github	www.github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019
typo3	www.typo3.org/security/advisory/typo3-core-sa-2023-006
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-47127
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2023-47127.yaml
github	www.github.com/advisories/GHSA-3vmm-7h4j-69rm

15 Dec 2023 22:14Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.14.2 - 5.4

EPSS0.00181

SSVC