CVE-2023-38499
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-38499
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38499.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-38499
- Aliases
- Published
- 2023-07-25T20:54:41Z
- Modified
- 2025-10-15T02:27:00.004422Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution
- Details
-
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters
idandLallowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem. - References
Affected packages
Git / github.com/TYPO3/typo3
Affected ranges
- Type
- GIT
- Repo
- https://github.com/TYPO3/typo3
- Events
- Type
- GIT
- Repo
- https://github.com/TYPO3/typo3
- Events
Affected versions
v11.*
v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.10
v11.5.11
v11.5.12
v11.5.13
v11.5.14
v11.5.15
v11.5.16
v11.5.17
v11.5.18
v11.5.19
v11.5.2
v11.5.20
v11.5.21
v11.5.22
v11.5.23
v11.5.24
v11.5.25
v11.5.26
v11.5.27
v11.5.28
v11.5.29
v11.5.3
v11.5.4
v11.5.5
v11.5.6
v11.5.7
v11.5.8
v11.5.9
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v12.4.1
v12.4.2
v12.4.3