6.5

CVE-2024-25118

EPSS 0.39%
Veröffentlicht 13.02.2024 23:15:08
Zuletzt bearbeitet 21.11.2024 09:00:17
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typo3 ≫ Typo3 Version >= 8.0.0 < 8.7.57

Typo3 ≫ Typo3 Version >= 9.0.0 < 9.5.46

Typo3 ≫ Typo3 Version >= 10.0.0 < 10.4.43

Typo3 ≫ Typo3 Version >= 11.0.0 < 11.5.35

Typo3 ≫ Typo3 Version >= 12.0.0 < 12.4.11

Typo3 ≫ Typo3 Version13.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.592

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w

Vendor Advisory

https://typo3.org/security/advisory/typo3-core-sa-2024-003

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25118

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25118

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25118

EUVD