GitHub Advisory DatabaseGHSA-C7XR-736P-29J3TYPO3 is vulnerable to Insecure randomness in uniqid function
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
43.5%
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| typo3 | cms-install | * | cpe:2.3:a:typo3:cms-install:*:*:*:*:*:*:*:* |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
github.com/advisories/GHSA-c7xr-736p-29j3
github.com/TYPO3/typo3/commit/302b35e714ca30ddb71ab36b9cbb2bea760a2f0e
github.com/TYPO3/typo3/commit/352d6066bf09137e86705bc060fd4ab3ba8f9191
github.com/TYPO3/typo3/commit/42324b30546b1e49fb16c916fc71cceb99ad9fd0
github.com/TYPO3/typo3/commit/f6d2e33cfab87c9e44eca275d6755be747e3cd7e
nvd.nist.gov/vuln/detail/CVE-2010-3666
security-tracker.debian.org/tracker/CVE-2010-3666
typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
43.5%