Lucene search

K
osvGoogleOSV:GHSA-8W3P-QH3X-6GJR
HistoryDec 13, 2022 - 5:13 p.m.

TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

2022-12-1317:13:37
Google
osv.dev
17
sensitive information disclosure
yaml placeholder expressions
backend module
administrator privileges
elts
typo3-core-sa-2022-016

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

EPSS

0.001

Percentile

38.7%

Problem

Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors.

A valid backend user account having administrator privileges is needed to exploit this vulnerability.

Solution

Update to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

References

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

EPSS

0.001

Percentile

38.7%