Executive Summary

Informations
Name CVE-2023-38499 First vendor Publication 2023-07-25
Vendor Cve Last vendor Modification 2023-08-02

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Overall CVSS Score 5.3
Base Score 5.3 Environmental Score 5.3
impact SubScore 1.4 Temporal Score 5.3
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact Low
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38499

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 311

Sources (Detail)

Source Url
MISC https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a
https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r
https://typo3.org/security/advisory/typo3-core-sa-2023-003

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Date Informations
2024-02-02 02:47:33
  • Multiple Updates
2024-02-01 12:30:44
  • Multiple Updates
2024-01-04 02:43:51
  • Multiple Updates
2023-09-05 13:41:59
  • Multiple Updates
2023-09-05 01:29:46
  • Multiple Updates
2023-09-02 13:40:04
  • Multiple Updates
2023-09-02 01:30:11
  • Multiple Updates
2023-08-12 13:45:13
  • Multiple Updates
2023-08-12 01:29:24
  • Multiple Updates
2023-08-11 05:27:44
  • Multiple Updates
2023-08-11 01:30:16
  • Multiple Updates
2023-08-06 05:27:31
  • Multiple Updates
2023-08-06 01:29:01
  • Multiple Updates
2023-08-04 05:27:27
  • Multiple Updates
2023-08-04 01:29:23
  • Multiple Updates
2023-08-03 00:27:22
  • Multiple Updates
2023-07-26 09:27:21
  • Multiple Updates
2023-07-26 00:27:19
  • First insertion