TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

🗓️ 13 Feb 2024 17:23:31Reported by GitHub Advisory DatabaseType

TYPO3 Install Tool vulnerability in Encryption Ke

Reporter	Title	Published	Views	Family All 16
FreeBSD	typo3-{11,12} -- multiple vulnerabilities	13 Feb 202400:00	–	freebsd
Circl	CVE-2024-25119	14 Feb 202400:21	–	circl
CNNVD	TYPO3 Information Disclosure Vulnerability	13 Feb 202400:00	–	cnnvd
CVE	CVE-2024-25119	13 Feb 202422:16	–	cve
Cvelist	CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool	13 Feb 202422:16	–	cvelist
EUVD	EUVD-2024-0648	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : typo3-{11,12} -- multiple vulnerabilities (1ad3d264-e36b-11ee-9c27-40b034429ecf)	17 Mar 202400:00	–	nessus
Tenable Nessus	TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-004)	13 Feb 202400:00	–	nessus
NVD	CVE-2024-25119	13 Feb 202423:15	–	nvd
OSV	CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool	13 Feb 202422:16	–	osv

Vulners

Node

typo3 cms-coreMatch13.0.0composer

typo3 cms-coreRange12.0.0–12.4.10composer

typo3 cms-coreRange11.0.0–11.5.34composer

typo3 cms-coreRange10.0.0–10.4.42composer

typo3 cms-coreRange9.0.0–9.5.45composer

typo3 cms-coreRange8.0.0–8.7.56composer

Source	Link
github	www.github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g
github	www.github.com/TYPO3/typo3/commit/14d101359c71ee963cf51ad0c8ae777b7b9ec9a1
github	www.github.com/TYPO3/typo3/commit/df486372ea56fac241d3c96ad43a7729fee64557
github	www.github.com/TYPO3/typo3/commit/fa12667c046342ebfd9b159c646aeafdbc52fcfd
typo3	www.typo3.org/security/advisory/typo3-core-sa-2024-004
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-25119
github	www.github.com/advisories/GHSA-h47m-3f78-qp9g

14 Feb 2024 14:53Current

7.1High risk

Vulners AI Score7.1

CVSS 3.14.9

EPSS0.00291

SSVC