CVE-2022-31046 – Information Disclosure via Export Module in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2022-31046
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to the mentioned export functionality is completely denied for regular backend users. • https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9 https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g https://typo3.org/security/advisory/typo3-core-sa-2022-001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2022-31047 – Insertion of Sensitive Information into Log File in typo3/cms-core
https://notcve.org/view.php?id=CVE-2022-31047
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. • https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99 https://typo3.org/security/advisory/typo3-core-sa-2022-002 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVE-2021-41113 – Cross-Site-Request-Forgery in Backend URI Handling in TYPO3
https://notcve.org/view.php?id=CVE-2021-41113
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. • https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw https://typo3.org/security/advisory/typo3-core-sa-2020-006 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-41114 – HTTP Host Header Injection in Request Handling in TYPO3
https://notcve.org/view.php?id=CVE-2021-41114
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). • https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4 https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm https://typo3.org/security/advisory/typo3-core-sa-2021-015 • CWE-20: Improper Input Validation CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •