GHSA-vpr3-rc99-2wpr

Source

https://github.com/advisories/GHSA-vpr3-rc99-2wpr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-vpr3-rc99-2wpr/GHSA-vpr3-rc99-2wpr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vpr3-rc99-2wpr

Published

2024-06-05T15:01:46Z

Modified

2024-12-02T05:54:01.514850Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Information Disclosure in TYPO3 Backend

Details

The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend usernames.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-285"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-05T15:01:46Z"
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.2.26

Affected versions

6.*

6.2.0

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.2.9

6.2.10-rc1

6.2.10

6.2.11

6.2.12

6.2.13

6.2.14

6.2.15

6.2.16

6.2.17

6.2.18

6.2.19

6.2.20

6.2.21

6.2.22

6.2.23

6.2.24

6.2.25

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.6.0

Fixed

7.6.10

Affected versions

7.*

7.6.0

7.6.1

7.6.2

7.6.3

7.6.4

7.6.5

7.6.6

7.6.7

7.6.8

7.6.9

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.2.1

Affected versions

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.2.0