// For flags

CVE-2022-23504

TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

Severity Score

4.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

TYPO3 es un sistema de gestión de contenidos web basado en PHP de código abierto. Las versiones anteriores a 9.5.38, 10.4.33, 11.5.20 y 12.1.1 están sujetas a divulgación de información confidencial. Debido a la falta de manejo de expresiones de marcador de posición YAML enviadas por los usuarios en el módulo backend de configuración del sitio, los atacantes podrían exponer información interna confidencial, como la configuración del sistema o mensajes de solicitud HTTP de otros visitantes del sitio web. Se necesita una cuenta de usuario de backend válida con privilegios de administrador para aprovechar esta vulnerabilidad. Este problema se solucionó en las versiones 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-19 CVE Reserved
  • 2022-12-14 CVE Published
  • 2024-07-06 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CAPEC
References (1)
URL Tag Source
https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Typo3
Search vendor "Typo3"
 Typo3
Search vendor "Typo3" for product "Typo3"
 >= 9.0.0 < 9.5.38
Search vendor "Typo3" for product "Typo3" and version " >= 9.0.0 < 9.5.38"
-
Affected
Typo3
Search vendor "Typo3"
 Typo3
Search vendor "Typo3" for product "Typo3"
 >= 10.0.0 < 10.4.33
Search vendor "Typo3" for product "Typo3" and version " >= 10.0.0 < 10.4.33"
-
Affected
Typo3
Search vendor "Typo3"
 Typo3
Search vendor "Typo3" for product "Typo3"
 >= 11.0.0 < 11.5.20
Search vendor "Typo3" for product "Typo3" and version " >= 11.0.0 < 11.5.20"
-
Affected
Typo3
Search vendor "Typo3"
 Typo3
Search vendor "Typo3" for product "Typo3"
 >= 12.0.0 < 12.1.1
Search vendor "Typo3" for product "Typo3" and version " >= 12.0.0 < 12.1.1"
-
Affected