Headline
GHSA-8w3p-qh3x-6gjr: TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Problem
Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors.
A valid backend user account having administrator privileges is needed to exploit this vulnerability.
Solution
Update to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.
References
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Moderate severity GitHub Reviewed Published Dec 13, 2022 in TYPO3/typo3 • Updated Dec 13, 2022
Package
composer typo3/cms-core (Composer)
Affected versions
>= 9.0.0, < 9.5.38
>= 10.0.0, < 10.4.33
>= 11.0.0, < 11.5.20
>= 12.0.0, < 12.1.1
Patched versions
9.5.38
10.4.33
11.5.20
12.1.1
Description
Severity
CVSS base metrics
User interaction
Required
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
Weaknesses
GHSA ID
GHSA-8w3p-qh3x-6gjr
Source code
Related news
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.