BIT-typo3-2023-47126

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/typo3/BIT-typo3-2023-47126.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-typo3-2023-47126
Aliases
Published
2024-03-06T11:07:42.905Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cpes": [
        "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / typo3

Package

Name
typo3
Purl
pkg:bitnami/typo3

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
12.2.0
Fixed
12.4.8