Home > Vulnerability Database > CVE-2022-23501

Mend.io Vulnerability Database

CVE-2022-23501

Date: December 14, 2022

TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

Language: PHP

Severity Score

5.9

Related Resources (8)

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml

Url: https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf

Url: https://typo3.org/security/advisory/typo3-core-sa-2022-013

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23501

Url: https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml

Url: https://github.com/TYPO3/typo3

Url: https://www.mend.io/vulnerability-database/CVE-2022-23501

Severity Score

5.9

Weakness Type (CWE)

Improper Authentication

CWE-287

Authentication Bypass by Assumed-Immutable Data

CWE-302

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23501

Date: December 14, 2022

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?