Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2022-AVI-813
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Typo3. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Typo3 | Typo3 | Typo3 versions 11.5.x antérieures à 11.5.16 | ||
| Typo3 | Typo3 | Typo3 versions 9.5.x antérieures à 9.5.37 | ||
| Typo3 | Typo3 | Typo3 versions 10.4.x antérieures à 10.4.32 | ||
| Typo3 | Typo3 | Typo3 versions 8.7.x antérieures à 8.7.48 | ||
| Typo3 | Typo3 | Typo3 versions 7.6.x antérieures à 7.6.58 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Typo3 versions 11.5.x ant\u00e9rieures \u00e0 11.5.16",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
},
{
"description": "Typo3 versions 9.5.x ant\u00e9rieures \u00e0 9.5.37",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
},
{
"description": "Typo3 versions 10.4.x ant\u00e9rieures \u00e0 10.4.32",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
},
{
"description": "Typo3 versions 8.7.x ant\u00e9rieures \u00e0 8.7.48",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
},
{
"description": "Typo3 versions 7.6.x ant\u00e9rieures \u00e0 7.6.58",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-36104",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36104"
},
{
"name": "CVE-2022-36107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36107"
},
{
"name": "CVE-2022-36106",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36106"
},
{
"name": "CVE-2022-36108",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36108"
},
{
"name": "CVE-2022-36020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36020"
},
{
"name": "CVE-2022-36105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36105"
}
],
"initial_release_date": "2022-09-13T00:00:00",
"last_revision_date": "2022-09-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-813",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Typo3. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-gqqf-g5r7-84vf du 13 septembre 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-9c6w-55cp-5w25 du 13 septembre 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-fffr-7x4x-f98q du 13 septembre 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-5959-4x58-r8c2 du 13 septembre 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-fv2m-9249-qx85 du 13 septembre 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-m392-235j-9r7r du 13 septembre 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
}
]
}
CVE-2022-36108 (GCVE-0-2022-36108)
Vulnerability from cvelistv5
Published
2022-09-13 17:20
Modified
2025-04-23 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:00:54.275550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:11:44.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.3.0, \u003c 10.4.32"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:20:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010"
}
],
"source": {
"advisory": "GHSA-fv2m-9249-qx85",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in typo3/cms-core",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36108",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in typo3/cms-core"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 10.3.0, \u003c 10.4.32"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
},
{
"name": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-010",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010"
}
]
},
"source": {
"advisory": "GHSA-fv2m-9249-qx85",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36108",
"datePublished": "2022-09-13T17:20:13.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:11:44.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36105 (GCVE-0-2022-36105)
Vulnerability from cvelistv5
Published
2022-09-13 17:40
Modified
2025-04-23 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-203 - Observable Discrepancy
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:51:34.710355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:11:20.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:40:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
],
"source": {
"advisory": "GHSA-m392-235j-9r7r",
"discovery": "UNKNOWN"
},
"title": "User Enumeration via Response Timing in TYPO3",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36105",
"STATE": "PUBLIC",
"TITLE": "User Enumeration via Response Timing in TYPO3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"name": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-007",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
]
},
"source": {
"advisory": "GHSA-m392-235j-9r7r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36105",
"datePublished": "2022-09-13T17:40:13.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:11:20.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36107 (GCVE-0-2022-36107)
Vulnerability from cvelistv5
Published
2022-09-13 17:30
Modified
2025-04-23 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:00:47.164601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:11:32.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:30:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009"
}
],
"source": {
"advisory": "GHSA-9c6w-55cp-5w25",
"discovery": "UNKNOWN"
},
"title": "Stored Cross-Site Scripting via FileDumpController",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36107",
"STATE": "PUBLIC",
"TITLE": "Stored Cross-Site Scripting via FileDumpController"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
},
{
"name": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-009",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009"
}
]
},
"source": {
"advisory": "GHSA-9c6w-55cp-5w25",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36107",
"datePublished": "2022-09-13T17:30:13.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:11:32.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36020 (GCVE-0-2022-36020)
Vulnerability from cvelistv5
Published
2022-09-13 16:55
Modified
2025-04-23 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TYPO3 | html-sanitizer |
Version: >= 1.0.0, < 1.0.7 Version: >= 2.0.0, < 2.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:51:59.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/masterminds/html5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/typo3/html-sanitizer"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:00:57.275230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:11:55.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "html-sanitizer",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.7"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T16:55:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/masterminds/html5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/typo3/html-sanitizer"
}
],
"source": {
"advisory": "GHSA-47m6-46mj-p235",
"discovery": "UNKNOWN"
},
"title": "Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36020",
"STATE": "PUBLIC",
"TITLE": "Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "html-sanitizer",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.0.0, \u003c 1.0.7"
},
{
"version_value": "\u003e= 2.0.0, \u003c 2.0.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235"
},
{
"name": "https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493",
"refsource": "MISC",
"url": "https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493"
},
{
"name": "https://packagist.org/packages/masterminds/html5",
"refsource": "MISC",
"url": "https://packagist.org/packages/masterminds/html5"
},
{
"name": "https://packagist.org/packages/typo3/html-sanitizer",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/html-sanitizer"
}
]
},
"source": {
"advisory": "GHSA-47m6-46mj-p235",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36020",
"datePublished": "2022-09-13T16:55:10.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:11:55.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36104 (GCVE-0-2022-36104)
Vulnerability from cvelistv5
Published
2022-09-13 17:20
Modified
2025-04-23 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-006"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:00:50.954391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:11:38.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.4.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:20:19.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-006"
}
],
"source": {
"advisory": "GHSA-fffr-7x4x-f98q",
"discovery": "UNKNOWN"
},
"title": "Denial of Service via Page Error Handling in TYPO3/cms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36104",
"STATE": "PUBLIC",
"TITLE": "Denial of Service via Page Error Handling in TYPO3/cms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 11.4.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
},
{
"name": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-006",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-006"
}
]
},
"source": {
"advisory": "GHSA-fffr-7x4x-f98q",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36104",
"datePublished": "2022-09-13T17:20:19.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:11:38.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36106 (GCVE-0-2022-36106)
Vulnerability from cvelistv5
Published
2022-09-13 17:35
Modified
2025-04-23 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:00:44.041275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:11:26.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.4.0, \u003c 10.4.32"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:35:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008"
}
],
"source": {
"advisory": "GHSA-5959-4x58-r8c2",
"discovery": "UNKNOWN"
},
"title": "Missing check for expiration time of password reset token in TYPO3",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36106",
"STATE": "PUBLIC",
"TITLE": "Missing check for expiration time of password reset token in TYPO3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 10.4.0, \u003c 10.4.32"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
},
{
"name": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-008",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008"
}
]
},
"source": {
"advisory": "GHSA-5959-4x58-r8c2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36106",
"datePublished": "2022-09-13T17:35:11.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:11:26.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…