GHSA-2wgg-c8xc-7gg3

Source

https://github.com/advisories/GHSA-2wgg-c8xc-7gg3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2wgg-c8xc-7gg3/GHSA-2wgg-c8xc-7gg3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2wgg-c8xc-7gg3

Aliases

CVE-2009-3628

Published

2022-05-02T03:46:56Z

Modified

2024-02-08T21:56:40.612655Z

Summary

TYPO3 Backend Discloses Encryption Key

Details

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.

Database specific

{
    "nvd_published_at": "2009-11-02T15:30:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-08T21:36:52Z"
}

References

Affected packages

Packagist / typo3/cms-backend

Package

Name: typo3/cms-backend
Purl: pkg:composer/typo3/cms-backend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.0.13

Packagist / typo3/cms-backend

Package

Name: typo3/cms-backend
Purl: pkg:composer/typo3/cms-backend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.13

Packagist / typo3/cms-backend

Package

Name: typo3/cms-backend
Purl: pkg:composer/typo3/cms-backend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

4.2.10

Packagist / typo3/cms-backend

Package

Name: typo3/cms-backend
Purl: pkg:composer/typo3/cms-backend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3alpha1

Fixed

4.3beta2