Veracode Vulnerability DatabaseVERACODE:38488Authentication Bypass
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
28.1%
typo3/cms and typo3/cms-core are vulnerable to authentication bypass. Restricting frontend login to specific users are organized in different storage folders (partitions), and can be bypassed, which allows an authenticated attacker to gain access to a different account when credentials are known.
References
github.com/advisories/GHSA-jfp7-79g7-89rf
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
github.com/TYPO3/typo3/commit/640a6f62858be87db69031f9112c9f378ea00aaa
github.com/TYPO3/typo3/commit/96ed3e627f9dd031caf537a382cdcde06d0aafcb
github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
typo3.org/security/advisory/typo3-core-sa-2022-013
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
28.1%