CVE-2009-3628 – typo3/cms-backend

Package

Manager: composer
Name: typo3/cms-backend
Vulnerable Version: >=0 <=4.0.13 || >=4.1.0 <4.1.13 || >=4.2.0 <4.2.10 || >=4.3alpha1 <4.3beta2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00227 pctl0.45435

Details

TYPO3 Backend Discloses Encryption Key The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.

Metadata

Created: 2022-05-02T03:46:56Z
Modified: 2024-02-08T21:36:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2wgg-c8xc-7gg3/GHSA-2wgg-c8xc-7gg3.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-2wgg-c8xc-7gg3
Finding: F038
Auto approve: 1