Vulnerability-Lookup

CVE-2022-23504 (GCVE-0-2022-23504)

Vulnerability from cvelistv5 – Published: 2022-12-14 07:58 – Updated: 2025-04-21 19:21

Title

TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

Summary

TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

Severity ?

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Assigner

GitHub_M

References

URL

Tags

https://github.com/TYPO3/typo3/security/advisorie…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	TYPO3	typo3	Affected: >= 9.0.0, < 9.5.38 Affected: >= 10.0.0, < 10.4.33 Affected: >= 11.0.0, < 11.5.20 Affected: >= 12.0.0, < 12.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:43:46.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23504",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-21T19:21:01.767538Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T19:21:19.354Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "typo3",
          "vendor": "TYPO3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.5.38"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.4.33"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.5.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 12.0.0, \u003c 12.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-917",
              "description": "CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-14T07:58:05.232Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
        }
      ],
      "source": {
        "advisory": "GHSA-8w3p-qh3x-6gjr",
        "discovery": "UNKNOWN"
      },
      "title": "TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-23504",
    "datePublished": "2022-12-14T07:58:05.232Z",
    "dateReserved": "2022-01-19T21:23:53.772Z",
    "dateUpdated": "2025-04-21T19:21:19.354Z",
    "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr\", \"name\": \"https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:43:46.501Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-23504\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-21T19:21:01.767538Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-21T19:21:14.847Z\"}}], \"cna\": {\"title\": \"TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration\", \"source\": {\"advisory\": \"GHSA-8w3p-qh3x-6gjr\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"TYPO3\", \"product\": \"typo3\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 9.0.0, \u003c 9.5.38\"}, {\"status\": \"affected\", \"version\": \"\u003e= 10.0.0, \u003c 10.4.33\"}, {\"status\": \"affected\", \"version\": \"\u003e= 11.0.0, \u003c 11.5.20\"}, {\"status\": \"affected\", \"version\": \"\u003e= 12.0.0, \u003c 12.1.1\"}]}], \"references\": [{\"url\": \"https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr\", \"name\": \"https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-917\", \"description\": \"CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-12-14T07:58:05.232Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-23504\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-21T19:21:19.354Z\", \"dateReserved\": \"2022-01-19T21:23:53.772Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-12-14T07:58:05.232Z\", \"requesterUserId\": \"c184a3d9-dc98-4c48-a45b-d2d88cf0ac74\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2022-23504

Vulnerability from fkie_nvd - Published: 2022-12-14 08:15 - Updated: 2024-11-21 06:48

Severity ?

5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr	Third Party Advisory

Impacted products

Vendor	Product	Version
typo3	typo3	*
typo3	typo3	*
typo3	typo3	*
typo3	typo3	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D362D0-52EC-4A95-B01D-EF310ADD8C4F",
              "versionEndExcluding": "9.5.38",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FC0F47-4C30-4162-8A7E-3C427D1C3596",
              "versionEndExcluding": "10.4.33",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED21674D-027A-4DDC-AAD5-B7D58B309171",
              "versionEndExcluding": "11.5.20",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9BE74F-BB15-48C5-AF1E-7B4197AE8F5B",
              "versionEndExcluding": "12.1.1",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
    },
    {
      "lang": "es",
      "value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web basado en PHP de c\u00f3digo abierto. Las versiones anteriores a 9.5.38, 10.4.33, 11.5.20 y 12.1.1 est\u00e1n sujetas a divulgaci\u00f3n de informaci\u00f3n confidencial. Debido a la falta de manejo de expresiones de marcador de posici\u00f3n YAML enviadas por los usuarios en el m\u00f3dulo backend de configuraci\u00f3n del sitio, los atacantes podr\u00edan exponer informaci\u00f3n interna confidencial, como la configuraci\u00f3n del sistema o mensajes de solicitud HTTP de otros visitantes del sitio web. Se necesita una cuenta de usuario de backend v\u00e1lida con privilegios de administrador para aprovechar esta vulnerabilidad. Este problema se solucion\u00f3 en las versiones 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
    }
  ],
  "id": "CVE-2022-23504",
  "lastModified": "2024-11-21T06:48:42.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 4.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-14T08:15:10.830",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-23504

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-23504

Aliases

CVE-2022-23504

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-23504",
    "id": "GSD-2022-23504"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-23504"
      ],
      "details": "TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.",
      "id": "GSD-2022-23504",
      "modified": "2023-12-13T01:19:35.089038Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-23504",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "typo3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 9.0.0, \u003c 9.5.38"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 10.0.0, \u003c 10.4.33"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 11.0.0, \u003c 11.5.20"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 12.0.0, \u003c 12.1.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "TYPO3"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-200",
                "lang": "eng",
                "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
              }
            ]
          },
          {
            "description": [
              {
                "cweId": "CWE-917",
                "lang": "eng",
                "value": "CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr",
            "refsource": "MISC",
            "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-8w3p-qh3x-6gjr",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=9.0.0,\u003c9.5.38||\u003e=10.0.0,\u003c10.4.33||\u003e=11.0.0,\u003c11.5.20||\u003e=12.0.0,\u003c12.1.1",
          "affected_versions": "All versions starting from 9.0.0 before 9.5.38, all versions starting from 10.0.0 before 10.4.33, all versions starting from 11.0.0 before 11.5.20, all versions starting from 12.0.0 before 12.1.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-917",
            "CWE-937"
          ],
          "date": "2022-12-16",
          "description": "TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.",
          "fixed_versions": [
            "10.4.33",
            "11.5.20",
            "12.1.1"
          ],
          "identifier": "CVE-2022-23504",
          "identifiers": [
            "CVE-2022-23504",
            "GHSA-8w3p-qh3x-6gjr",
            "GMS-2022-8131"
          ],
          "not_impacted": "All versions before 9.0.0, all versions starting from 9.5.38 before 10.0.0, all versions starting from 10.4.33 before 11.0.0, all versions starting from 11.5.20 before 12.0.0, all versions starting from 12.1.1",
          "package_slug": "packagist/typo3/cms-core",
          "pubdate": "2022-12-14",
          "solution": "Upgrade to versions 10.4.33, 11.5.20, 12.1.1 or above.",
          "title": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-23504",
            "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr",
            "https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a",
            "https://typo3.org/security/advisory/typo3-core-sa-2022-016",
            "https://github.com/advisories/GHSA-8w3p-qh3x-6gjr"
          ],
          "uuid": "48da5435-904f-4818-af4d-2cc2d53ea6d8"
        },
        {
          "affected_range": "\u003c0",
          "affected_versions": "All versions starting from 9.0.0 before 9.5.38, all versions starting from 10.0.0 before 10.4.33, all versions starting from 11.0.0 before 11.5.20, all versions starting from 12.0.0 before 12.1.1",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-12-13",
          "description": "### Problem\nDue to the lack of handling user-submitted [YAML placeholder expressions](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Configuration/Yaml/YamlApi.html#custom-placeholder-processing) in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors.\n\nA valid backend user account having administrator privileges is needed to exploit this vulnerability.\n\n### Solution\nUpdate to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.\n\n### References\n* [TYPO3-CORE-SA-2022-016](https://typo3.org/security/advisory/typo3-core-sa-2022-016)\n",
          "fixed_versions": [
            "9.5.38",
            "10.4.33",
            "11.5.20",
            "12.1.1"
          ],
          "identifier": "GMS-2022-8131",
          "identifiers": [
            "GHSA-8w3p-qh3x-6gjr",
            "GMS-2022-8131",
            "CVE-2022-23504"
          ],
          "not_impacted": "All versions before 9.0.0, all versions starting from 9.5.38 before 10.0.0, all versions starting from 10.4.33 before 11.0.0, all versions starting from 11.5.20 before 12.0.0, all versions starting from 12.1.1",
          "package_slug": "packagist/typo3/cms-core",
          "pubdate": "2022-12-13",
          "solution": "Upgrade to versions 9.5.38, 10.4.33, 11.5.20, 12.1.1 or above.",
          "title": "Duplicate of ./packagist/typo3/cms-core/CVE-2022-23504.yml",
          "urls": [
            "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr",
            "https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a",
            "https://typo3.org/security/advisory/typo3-core-sa-2022-016",
            "https://github.com/advisories/GHSA-8w3p-qh3x-6gjr"
          ],
          "uuid": "de791989-9bd3-421a-a48d-6b2b1796dff4"
        },
        {
          "affected_range": "\u003e=9.0.0,\u003c9.5.38||\u003e=10.0.0,\u003c10.4.33||\u003e=11.0.0,\u003c11.5.20||\u003e=12.0.0,\u003c12.1.1",
          "affected_versions": "All versions starting from 9.0.0 before 9.5.38, all versions starting from 10.0.0 before 10.4.33, all versions starting from 11.0.0 before 11.5.20, all versions starting from 12.0.0 before 12.1.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-917",
            "CWE-937"
          ],
          "date": "2022-12-16",
          "description": "TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.",
          "fixed_versions": [
            "10.4.33",
            "11.5.20",
            "12.1.1"
          ],
          "identifier": "CVE-2022-23504",
          "identifiers": [
            "CVE-2022-23504",
            "GHSA-8w3p-qh3x-6gjr"
          ],
          "not_impacted": "All versions before 9.0.0, all versions starting from 9.5.38 before 10.0.0, all versions starting from 10.4.33 before 11.0.0, all versions starting from 11.5.20 before 12.0.0, all versions starting from 12.1.1",
          "package_slug": "packagist/typo3/cms",
          "pubdate": "2022-12-14",
          "solution": "Upgrade to versions 10.4.33, 11.5.20, 12.1.1 or above.",
          "title": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
          "urls": [
            "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr",
            "https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a",
            "https://typo3.org/security/advisory/typo3-core-sa-2022-016",
            "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml",
            "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml",
            "https://github.com/advisories/GHSA-8w3p-qh3x-6gjr"
          ],
          "uuid": "a7846d9c-4291-4bb6-b449-76dfade32514"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5.20",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.4.33",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.5.38",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1.1",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-23504"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-917"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-12-16T17:53Z",
      "publishedDate": "2022-12-14T08:15Z"
    }
  }
}

CERTFR-2022-AVI-1097

Vulnerability from certfr_avis - Published: 2022-12-14 - Updated: 2022-12-14

De multiples vulnérabilités ont été découvertes dans Typo3 cms-core. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Typo3	Typo3	Typo3 cms-cors versions 10.x.x antérieures à 10.4.33
Typo3	Typo3	Typo3 cms-cors versions 9.x.x antérieures à 9.5.38
Typo3	Typo3	Typo3 cms-cors versions 8.x.x antérieures à 8.7.49
Typo3	Typo3	Typo3 cms-cors versions 11.x.x antérieures à 11.5.20
Typo3	Typo3	Typo3 cms-cors versions 12.x.x antérieures à 12.1.1

References

Title

Publication Time

GHSA-8W3P-QH3X-6GJR

Vulnerability from github – Published: 2022-12-13 17:13 – Updated: 2024-10-29 14:59

Summary

TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

Details

CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C (5.3)

Problem

Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors.

A valid backend user account having administrator privileges is needed to exploit this vulnerability.

Solution

Update to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

Credits

Thanks to TYPO3 core & security team member Oliver Hader who reported and fixed the issue.

References

TYPO3-CORE-SA-2022-016

Severity ?

5.7 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.5.38"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.5.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.5.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23504"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-917"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-13T17:13:37Z",
    "nvd_published_at": "2022-12-14T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "\u003e ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3)\n\n### Problem\nDue to the lack of handling user-submitted [YAML placeholder expressions](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Configuration/Yaml/YamlApi.html#custom-placeholder-processing) in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors.\n\nA valid backend user account having administrator privileges is needed to exploit this vulnerability.\n\n### Solution\nUpdate to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.\n\n### Credits\nThanks to TYPO3 core \u0026 security team member Oliver Hader who reported and fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2022-016](https://typo3.org/security/advisory/typo3-core-sa-2022-016)\n",
  "id": "GHSA-8w3p-qh3x-6gjr",
  "modified": "2024-10-29T14:59:57Z",
  "published": "2022-12-13T17:13:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23504"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TYPO3/typo3"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-23504 (GCVE-0-2022-23504)

FKIE_CVE-2022-23504

GSD-2022-23504

CERTFR-2022-AVI-1097

Solution

GHSA-8W3P-QH3X-6GJR

CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C (5.3)

Problem

Solution

Credits

References

Tags

Sightings

Nomenclature

CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3)