Lucene search

GitHub Advisory DatabaseGHSA-87HC-PHMJ-RHGH

HistoryMay 13, 2022 - 1:46 a.m.

TYPO3 Information Disclosure Vulnerability

2022-05-1301:46:32

CWE-319

GitHub Advisory Database

github.com

typo3

information disclosure

vulnerability

http request

remote attackers

sensitive information

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

61.4%

JSON

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

Affected configurations

Vulners

Node

typo3typo3_cmsMatch7.6.15

VendorProductVersionCPE
typo3typo3_cms7.6.15cpe:2.3:a:typo3:typo3_cms:7.6.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3_cms	7.6.15	cpe:2.3:a:typo3:typo3_cms:7.6.15:::::::*

References

www.securityfocus.com/bid/97071

github.com/advisories/GHSA-87hc-phmj-rhgh

github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request

nvd.nist.gov/vuln/detail/CVE-2017-6370

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

61.4%

JSON

Related for GHSA-87HC-PHMJ-RHGH