Typo3 Backend XSS Vulnerability

2022-05-0203:18:37

CWE-79

GitHub Advisory Database

github.com

typo3

backend

xss

vulnerability

information disclosure

jumpurl

remote attacker

arbitrary files

access control

authentication

web server user account

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

60.3%

JSON

An Information Disclosure vulnerability in jumpUrl mechanism, used to track access on web pages and provided files, allows a remote attacker to read arbitrary files on a host.

The expected value of a mandatory hash secret, intended to invalidate such requests, is exposed to remote users allowing them to bypass access control by providing the correct value.

There’s no authentication required to exploit this vulnerability. The vulnerability allows to read any file, the web server user account has access to.

Affected configurations

Vulners

Node

typo3typo3_cmsMatch4.3alpha1

typo3typo3_cmsRange4.2.0–4.2.6

typo3typo3_cmsRange4.1.0–4.1.10

typo3typo3_cmsRange4.0–4.0.12

typo3typo3_cmsRange3.3.0–3.9.0

VendorProductVersionCPE
typo3typo3_cms4.3alpha1cpe:2.3:a:typo3:typo3_cms:4.3alpha1:*:*:*:*:*:*:*
typo3typo3_cms*cpe:2.3:a:typo3:typo3_cms:*:*:*:*:*:*:*:*