SB2022061415 - Multiple vulnerabilities in TYPO3

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2022-31050)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to Admin Tool sessions initiated via the TYPO3 backend user interface are not removed even if the corresponding user account was degraded to lower permissions or disabled completely. A remote user can prolong the admin tool session without any limit.

2) Stored cross-site scripting (CVE-ID: CVE-2022-31049)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in Frontend Login Mailer. A remote user can send out a specially crafted email that once viewed will execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

3) Stored cross-site scripting (CVE-ID: CVE-2022-31048)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Form Designer backend module. A remote authenticated user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

4) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2022-31047)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to software stores system internal credentials or keys (e.g. database credentials) in plain text in exception handlers, when logging the complete exception stack trace. A remote user can view the stack trace and gain access to sensitive information.

5) Information disclosure (CVE-ID: CVE-2022-31046)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the Export module. The export functionality fails to limit the result set to allowed columns of a particular database table. A remote authenticated user can export internal details of database tables to which they already have access.

Remediation

Install update from vendor's website.

References

• https://typo3.org/security/advisory/typo3-core-sa-2022-005/
• https://typo3.org/security/advisory/typo3-core-sa-2022-004/
• https://typo3.org/security/advisory/typo3-core-sa-2022-003/
• https://typo3.org/security/advisory/typo3-core-sa-2022-002/
• https://typo3.org/security/advisory/typo3-core-sa-2022-001/