CVE-2022-31046

Published Jun 14, 2022

Last updated 5 months ago

CVSS medium 4.3

Overview

Description: TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.
Source: security-advisories@github.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

security-advisories@github.com: CWE-200
nvd@nist.gov: CWE-319

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A15251A1-BC05-4C05-AED2-0E2CF75BB054",
            "versionEndExcluding": "7.6.57",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD542E1B-F3BA-4816-B97D-D877EFADA02D",
            "versionEndExcluding": "8.7.47",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83732441-A020-4401-A274-067B95354BB6",
            "versionEndExcluding": "9.5.35",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "272C6A8B-94DB-4A74-BB3A-24CD0486DFA7",
            "versionEndExcluding": "10.4.29",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "772D645D-5158-416C-BF2C-74E5E43EF1DC",
            "versionEndExcluding": "11.5.11",
            "versionStartIncluding": "11.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References