Information Disclosure in TYPO3 Backend

2024-06-0515:01:46

CWE-285

GitHub Advisory Database

github.com

typo3

backend

information disclosure

cached usernames

6.9 Medium

AI Score

Confidence

High

JSON

The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend usernames.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<8.2.1

typo3cms_poll_system_extensionRange<7.6.10

typo3cms_poll_system_extensionRange<6.2.26

CPENameOperatorVersion
typo3/cmslt8.2.1
typo3/cmslt7.6.10
typo3/cmslt6.2.26

Name	Operator	Version
typo3/cms	lt	8.2.1
typo3/cms	lt	7.6.10
typo3/cms	lt	6.2.26

References

github.com/advisories/GHSA-vpr3-rc99-2wpr

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-07-19-4.yaml

typo3.org/security/advisory/typo3-core-sa-2016-017

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017

6.9 Medium

AI Score

Confidence

High

JSON