PT-2023-30329 · Typo3 · Typo3

Markus Klein

Published

2023-11-14

Updated

2024-03-06

CVE-2023-47126

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions TYPO3 versions prior to 12.4.8

Description The login screen of the standalone install tool discloses the full path of the transient data directory. This issue applies to composer-based scenarios only, and "classic" non-composer installations are not affected.

Recommendations For versions prior to 12.4.8, update to version 12.4.8 to resolve the issue. As there are no known workarounds for this vulnerability, upgrading to the fixed version is the recommended course of action.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BIT-TYPO3-2023-47126

CVE-2023-47126

GHSA-P2JH-95JG-2W55

Affected Products

Typo3

PT-2023-30329 · Typo3 · Typo3

CVE-2023-47126

Weakness Enumeration

Related Identifiers

Affected Products

References · 10