CVE-2023-38499 - OpenCVE

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Typo3	Typo3

Configuration 1 [-]

OR	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::

References

Link	Resource
https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a	Patch
https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r	Vendor Advisory
https://typo3.org/security/advisory/typo3-core-sa-2023-003	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-25T20:54:41.648Z

Updated: 2023-07-25T20:54:41.648Z

Reserved: 2023-07-18T16:28:12.076Z

Link: CVE-2023-38499

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-25T21:15:10.997

Modified: 2023-08-02T19:11:12.320

Link: CVE-2023-38499

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-38499", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-18T16:28:12.076Z", "datePublished": "2023-07-25T20:54:41.648Z", "dateUpdated": "2023-07-25T20:54:41.648Z"}, "containers": {"cna": {"title": "typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"}, {"name": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a", "tags": ["x_refsource_MISC"], "url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"}, {"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-003", "tags": ["x_refsource_MISC"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"}], "affected": [{"vendor": "TYPO3", "product": "typo3", "versions": [{"version": ">= 9.4.0, < 9.5.42", "status": "affected"}, {"version": ">= 10.0.0, < 10.4.39", "status": "affected"}, {"version": ">= 11.0.0, < 11.5.30", "status": "affected"}, {"version": ">= 12.0.0, < 12.4.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-25T20:54:41.648Z"}, "descriptions": [{"lang": "en", "value": "TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem."}], "source": {"advisory": "GHSA-jq6g-4v5m-wm9r", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "F977D03B-2605-4DDA-8E08-9E32862B36FF", "versionEndExcluding": "9.5.42", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FD93DD8-F62F-4541-8B1E-0B78A069A9BC", "versionEndExcluding": "10.4.39", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CA1BEF0-8CBD-46AE-A155-A010CCE92F6F", "versionEndExcluding": "11.5.30", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE209B6F-686B-4896-A7E0-B8426A4818C1", "versionEndExcluding": "12.4.4", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem."}, {"lang": "es", "value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. A partir de la versi\u00f3n 9.4.0 y antes de las versiones 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, y 12.4.4 en escenarios multi-sitio, la enumeraci\u00f3n de los par\u00e1metros de consulta HTTP \"id\" y \"L\" permit\u00eda el acceso fuera del alcance al contenido renderizado en el frontend del sitio web. Por ejemplo, esto permit\u00eda a los visitantes acceder al contenido de un sitio interno a\u00f1adiendo par\u00e1metros de consulta manuales a la URL de un sitio que estaba disponible p\u00fablicamente. Las versiones de TYPO3 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30 y 12.4.4 corrigen el problema. "}], "id": "CVE-2023-38499", "lastModified": "2023-08-02T19:11:12.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-25T21:15:10.997", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}