CVE-2022-31046

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*

History

23 Jun 2022, 19:52

Type Values Removed Values Added
References (MISC) https://typo3.org/security/advisory/typo3-core-sa-2022-001 - (MISC) https://typo3.org/security/advisory/typo3-core-sa-2022-001 - Vendor Advisory
References (MISC) https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9 - (MISC) https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g - (CONFIRM) https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g - Third Party Advisory
First Time Typo3
Typo3 typo3
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 4.3
CWE CWE-200 CWE-319
CPE cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*

14 Jun 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-14 21:15

Updated : 2022-06-23 19:52


NVD link : CVE-2022-31046

Mitre link : CVE-2022-31046


JSON object : View

Products Affected

typo3

  • typo3
CWE
CWE-319

Cleartext Transmission of Sensitive Information