TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.
References
Link | Resource |
---|---|
https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a | Patch |
https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r | Vendor Advisory |
https://typo3.org/security/advisory/typo3-core-sa-2023-003 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Aug 2023, 19:11
Type | Values Removed | Values Added |
---|---|---|
First Time |
Typo3
Typo3 typo3 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2023-003 - Vendor Advisory | |
References | (MISC) https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r - Vendor Advisory | |
References | (MISC) https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a - Patch |
25 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-25 21:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-38499
Mitre link : CVE-2023-38499
CVE.ORG link : CVE-2023-38499
JSON object : View
Products Affected
typo3
- typo3
CWE