PT-2022-16034 · Typo3 · Typo3

Torben Hansen · Published 2022-12-13 · Updated 2024-03-06 · CVE-2022-23501

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 8.7.49
TYPO3 versions prior to 9.5.38
TYPO3 versions prior to 10.4.33
TYPO3 versions prior to 11.5.20
TYPO3 versions prior to 12.1.1
Description

The issue concerns Improper Authentication in TYPO3, an open source PHP based web content management system. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. Because a username is not unique across partitions, an attacker could exploit this ambiguity to gain access to a different account; however, the credentials for that account must already be known to the adversary.
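The following is an added illustration, not code from TYPO3 or from this advisory. It models the weakness class described above with a constructed in-memory user store: two records share the username alice but live in different storage folders (pid 10 and pid 20). A login form restricted to folder 10 that looks up the user by username alone can be satisfied by the folder-20 record, while a lookup that includes the folder in its key is not. All names (FrontendUser, login_unscoped, login_scoped, ambiguous_usernames) and the sample data are assumptions made for this example; the toy SHA-256 hash stands in for a real salted password hasher.

```python
"""Model of partition-scoped frontend login (added example, not TYPO3's code)."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class FrontendUser:
    uid: int
    pid: int            # storage folder ("partition") holding the record
    username: str
    password_hash: str


def _hash(password: str) -> str:
    # Toy hash for the model only; a real system uses a salted password hasher.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed user store: the same username exists in two storage folders.
USERS = [
    FrontendUser(uid=1, pid=10, username="alice", password_hash=_hash("members-secret")),
    FrontendUser(uid=2, pid=20, username="alice", password_hash=_hash("other-secret")),
]


def _verify(user: FrontendUser, password: str) -> bool:
    # Constant-time comparison of the stored and supplied hashes.
    return hmac.compare_digest(user.password_hash, _hash(password))


def login_unscoped(username: str, password: str, allowed_pid: int):
    """Weak variant: the folder restriction (allowed_pid) is never consulted.

    The lookup key is the username alone, so a record from any folder that
    carries the same username can pass the credential check.
    """
    candidates = [u for u in USERS if u.username == username]
    for user in candidates:
        if _verify(user, password):
            return user
    return None


def login_scoped(username: str, password: str, allowed_pid: int):
    """Hardened variant: the storage folder is part of the lookup key.

    A record outside allowed_pid is never a candidate, so knowing credentials
    for a same-named account in another folder gains nothing here.
    """
    candidates = [u for u in USERS if u.username == username and u.pid == allowed_pid]
    for user in candidates:
        if _verify(user, password):
            return user
    return None


def ambiguous_usernames() -> set:
    """Audit helper: usernames that occur in more than one storage folder.

    Useful as a pre-upgrade check; any hit is an account pair the weak
    lookup could confuse.
    """
    folders_by_name = {}
    for user in USERS:
        folders_by_name.setdefault(user.username, set()).add(user.pid)
    return {name for name, pids in folders_by_name.items() if len(pids) > 1}


if __name__ == "__main__":
    # Form restricted to folder 10; credentials belong to the folder-20 record.
    weak = login_unscoped("alice", "other-secret", allowed_pid=10)
    hardened = login_scoped("alice", "other-secret", allowed_pid=10)
    print("unscoped lookup accepted uid:", weak.uid if weak else None)
    print("scoped lookup accepted uid:", hardened.uid if hardened else None)
    print("usernames present in several folders:", ambiguous_usernames())
```

Run as a script, the unscoped lookup accepts uid 2 on a form meant for folder 10, the scoped lookup rejects it, and the audit helper reports alice as ambiguous. In a deployment, the equivalent of ambiguous_usernames() over the real user table is a quick way to gauge exposure before the update is applied.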
Recommendations

Update to TYPO3 version 8.7.49 ELTS to fix the issue.
Update to TYPO3 version 9.5.38 ELTS to fix the issue.
Update to TYPO3 version 10.4.33 to fix the issue.
Update to TYPO3 version 11.5.20 to fix the issue.
Update to TYPO3 version 12.1.1 to fix the issue.

Weakness Enumeration

Improper Authentication

Related Identifiers

BIT-TYPO3-2022-23501
CVE-2022-23501
GHSA-JFP7-79G7-89RF

Affected Products

Typo3