Lucene search

GitHub Advisory DatabaseGHSA-P2JH-95JG-2W55

HistoryNov 14, 2023 - 8:34 p.m.

Information Disclosure in typo3/cms-install tool

2023-11-1420:34:26

CWE-200

GitHub Advisory Database

github.com

typo3

information disclosure

install tool

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.6%

JSON

> ### CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C (3.5)

Problem

The login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected.

Solution

Update to TYPO3 version 12.4.8 that fixes the problem described above.

Credits

Thanks to Markus Klein who reported and fixed the issue.

References

TYPO3-CORE-SA-2023-005

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<12.4.8

CPENameOperatorVersion
typo3/cms-installlt12.4.8

CPE	Name	Operator	Version
	typo3/cms-install	lt	12.4.8

References

github.com/advisories/GHSA-p2jh-95jg-2w55

github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423

github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55

nvd.nist.gov/vuln/detail/CVE-2023-47126

typo3.org/security/advisory/typo3-core-sa-2023-005

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.6%

JSON

Related for GHSA-P2JH-95JG-2W55