CVE-2023-38499

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-38499

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38499.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-38499

Aliases

Published

2023-07-25T20:54:41.648Z

Modified

2026-02-23T01:53:10.466157Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution

Details

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38499.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type

GIT

Repo

https://github.com/typo3/typo3

Events

Introduced

6a5e2d4097ef0a0e3ea955af93cf83810d6fa234

Fixed

9eaf8f29875a17b5d48f296d83c1f58b24288b7c

Database specific

{
    "versions": [
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.30"
        }
    ]
}

Type

GIT

Repo

https://github.com/typo3/typo3

Events

Introduced

36096733dea4bd6f6168209609fa879dc25c0138

Fixed

2312505703ced9702bcc07fc7e0280810be78ee2

Database specific

{
    "versions": [
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.4.4"
        }
    ]
}

Affected versions

v11.*

v11.0.0

v11.1.0

v11.2.0

v11.3.0

v11.4.0

v11.5.0

v11.5.1

v11.5.10

v11.5.11

v11.5.12

v11.5.13

v11.5.14

v11.5.15

v11.5.16

v11.5.17

v11.5.18

v11.5.19

v11.5.2

v11.5.20

v11.5.21

v11.5.22

v11.5.23

v11.5.24

v11.5.25

v11.5.26

v11.5.27

v11.5.28

v11.5.29

v11.5.3

v11.5.4

v11.5.5

v11.5.6

v11.5.7

v11.5.8

v11.5.9

v12.*

v12.0.0

v12.1.0

v12.2.0

v12.3.0

v12.4.0

v12.4.1

v12.4.2

v12.4.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38499.json"

Git / github.com/typo3/typo3.cms

Affected ranges

Type: GIT
Repo: https://github.com/typo3/typo3.cms
Events: Introduced

36096733dea4bd6f6168209609fa879dc25c0138

Fixed

2312505703ced9702bcc07fc7e0280810be78ee2

Introduced

6a5e2d4097ef0a0e3ea955af93cf83810d6fa234

Fixed

9eaf8f29875a17b5d48f296d83c1f58b24288b7c

Affected versions

v11.*

v11.0.0

v11.1.0

v11.2.0

v11.3.0

v11.4.0

v11.5.0

v11.5.1

v11.5.10

v11.5.11

v11.5.12

v11.5.13

v11.5.14

v11.5.15

v11.5.16

v11.5.17

v11.5.18

v11.5.19

v11.5.2

v11.5.20

v11.5.21

v11.5.22

v11.5.23

v11.5.24

v11.5.25

v11.5.26

v11.5.27

v11.5.28

v11.5.29

v11.5.3

v11.5.4

v11.5.5

v11.5.6

v11.5.7

v11.5.8

v11.5.9

v12.*

v12.0.0

v12.1.0

v12.2.0

v12.3.0

v12.4.0

v12.4.1

v12.4.2

v12.4.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38499.json"