TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
References
Link | Resource |
---|---|
https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-12-14T07:58:05.232Z
Updated:
Reserved: 2022-01-19T21:23:53.772Z
Link: CVE-2022-23504
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-14T08:15:10.830
Modified: 2022-12-16T17:53:08.737
Link: CVE-2022-23504
JSON object: View
Redhat Information
No data.