CVE-2023-38499 - Vulnerability Details - OpenCVE

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Typo3	Typo3

Configuration 1 [-]

OR	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::

No data.

References

Link	Providers
https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a
https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r
https://typo3.org/security/advisory/typo3-core-sa-2023-003

History

Tue, 15 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-25T20:54:41.648Z

Updated: 2024-10-15T18:40:37.114Z

Reserved: 2023-07-18T16:28:12.076Z

Link: CVE-2023-38499

Vulnrichment

Updated: 2024-08-02T17:46:55.097Z

NVD

Status : Modified

Published: 2023-07-25T21:15:10.997

Modified: 2024-11-21T08:13:42.133

Link: CVE-2023-38499

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38499", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-18T16:28:12.076Z", "datePublished": "2023-07-25T20:54:41.648Z", "dateUpdated": "2024-10-15T18:40:37.114Z"}, "containers": {"cna": {"title": "typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"}, {"name": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a", "tags": ["x_refsource_MISC"], "url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"}, {"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-003", "tags": ["x_refsource_MISC"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"}], "affected": [{"vendor": "TYPO3", "product": "typo3", "versions": [{"version": ">= 9.4.0, < 9.5.42", "status": "affected"}, {"version": ">= 10.0.0, < 10.4.39", "status": "affected"}, {"version": ">= 11.0.0, < 11.5.30", "status": "affected"}, {"version": ">= 12.0.0, < 12.4.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-25T20:54:41.648Z"}, "descriptions": [{"lang": "en", "value": "TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem."}], "source": {"advisory": "GHSA-jq6g-4v5m-wm9r", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:55.097Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"}, {"name": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"}, {"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-003", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T18:16:37.969976Z", "id": "CVE-2023-38499", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T18:40:37.114Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r", "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a", "name": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003", "name": "https://typo3.org/security/advisory/typo3-core-sa-2023-003", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:55.097Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-15T18:16:37.969976Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T18:40:32.712Z"}}], "cna": {"title": "typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution", "source": {"advisory": "GHSA-jq6g-4v5m-wm9r", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "TYPO3", "product": "typo3", "versions": [{"status": "affected", "version": ">= 9.4.0, < 9.5.42"}, {"status": "affected", "version": ">= 10.0.0, < 10.4.39"}, {"status": "affected", "version": ">= 11.0.0, < 11.5.30"}, {"status": "affected", "version": ">= 12.0.0, < 12.4.4"}]}], "references": [{"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r", "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a", "name": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a", "tags": ["x_refsource_MISC"]}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003", "name": "https://typo3.org/security/advisory/typo3-core-sa-2023-003", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-25T20:54:41.648Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38499", "state": "PUBLISHED", "dateUpdated": "2024-10-15T18:40:37.114Z", "dateReserved": "2023-07-18T16:28:12.076Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-07-25T20:54:41.648Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "F977D03B-2605-4DDA-8E08-9E32862B36FF", "versionEndExcluding": "9.5.42", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FD93DD8-F62F-4541-8B1E-0B78A069A9BC", "versionEndExcluding": "10.4.39", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CA1BEF0-8CBD-46AE-A155-A010CCE92F6F", "versionEndExcluding": "11.5.30", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE209B6F-686B-4896-A7E0-B8426A4818C1", "versionEndExcluding": "12.4.4", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem."}, {"lang": "es", "value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. A partir de la versi\u00f3n 9.4.0 y antes de las versiones 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, y 12.4.4 en escenarios multi-sitio, la enumeraci\u00f3n de los par\u00e1metros de consulta HTTP \"id\" y \"L\" permit\u00eda el acceso fuera del alcance al contenido renderizado en el frontend del sitio web. Por ejemplo, esto permit\u00eda a los visitantes acceder al contenido de un sitio interno a\u00f1adiendo par\u00e1metros de consulta manuales a la URL de un sitio que estaba disponible p\u00fablicamente. Las versiones de TYPO3 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30 y 12.4.4 corrigen el problema. "}], "id": "CVE-2023-38499", "lastModified": "2024-11-21T08:13:42.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-25T21:15:10.997", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}