CVE-2023-47127

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-47127
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47127.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-47127
Aliases
Published
2023-11-14T19:26:07.849Z
Modified
2026-02-17T07:41:11.496696Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Weak Authentication in Session Handling in typo3/cms-core
Details

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-302"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/47xxx/CVE-2023-47127.json"
}
References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
6a5e2d4097ef0a0e3ea955af93cf83810d6fa234
Fixed
939ef26e7fcd18ec68af7743014446a45527e502
Database specific 
{
    "versions": [
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.33"
        }
    ]
}
Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
36096733dea4bd6f6168209609fa879dc25c0138
Fixed
639f2dbbafa5e6835499e70e111c7f22bc6cb966
Database specific 
{
    "versions": [
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.4.8"
        }
    ]
}

Affected versions

v11.*
v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.10
v11.5.11
v11.5.12
v11.5.13
v11.5.14
v11.5.15
v11.5.16
v11.5.17
v11.5.18
v11.5.19
v11.5.2
v11.5.20
v11.5.21
v11.5.22
v11.5.23
v11.5.24
v11.5.25
v11.5.26
v11.5.27
v11.5.28
v11.5.29
v11.5.3
v11.5.30
v11.5.31
v11.5.32
v11.5.4
v11.5.5
v11.5.6
v11.5.7
v11.5.8
v11.5.9
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v12.4.1
v12.4.2
v12.4.3
v12.4.4
v12.4.5
v12.4.6
v12.4.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47127.json"