GHSA-p5jq-5383-qvc7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p5jq-5383-qvc7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-p5jq-5383-qvc7/GHSA-p5jq-5383-qvc7.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-p5jq-5383-qvc7
- Aliases
- Published
- 2025-09-09T09:31:12Z
- Modified
- 2025-09-10T21:37:50.815362Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- TYPO3 CMS uses insufficient entropy when generating passwords
- Details
-
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.
- Database specific
{ "github_reviewed_at": "2025-09-09T20:10:43Z", "cwe_ids": [ "CWE-331" ], "nvd_published_at": "2025-09-09T09:15:40Z", "severity": "MODERATE", "github_reviewed": true }- References
Affected packages
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core
Affected versions
v12.*
v12.0.0
v12.1.0
v12.1.1
v12.1.2
v12.1.3
v12.2.0
v12.3.0
v12.4.0
v12.4.1
v12.4.2
v12.4.3
v12.4.4
v12.4.5
v12.4.6
v12.4.7
v12.4.8
v12.4.9
v12.4.10
v12.4.11
v12.4.12
v12.4.13
v12.4.14
v12.4.15
v12.4.16
v12.4.17
v12.4.18
v12.4.19
v12.4.20
v12.4.21
v12.4.22
v12.4.23
v12.4.24
v12.4.25
v12.4.26
v12.4.27
v12.4.28
v12.4.29
v12.4.30
v12.4.31
v12.4.32
v12.4.33
v12.4.34
v12.4.35
v12.4.36
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core