Vulnerability Description
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | >= 12.2.0, < 12.4.8 |
Related Weaknesses (CWE)
References
- https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423Patch
- https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55Vendor Advisory
- https://typo3.org/security/advisory/typo3-core-sa-2023-005Vendor Advisory
- https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423Patch
- https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55Vendor Advisory
- https://typo3.org/security/advisory/typo3-core-sa-2023-005Vendor Advisory
FAQ
What is CVE-2023-47126?
CVE-2023-47126 is a vulnerability with a CVSS score of 3.7 (LOW). TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transien...
How severe is CVE-2023-47126?
CVE-2023-47126 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-47126?
Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.