CVE-2023-47126

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-47126

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-47126.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-47126

Aliases

Published

2023-11-14T20:01:16.570Z

Modified

2026-03-20T12:31:37.008813Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Information Disclosure in Install Tool in typo3/cms-install

Details

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/47xxx/CVE-2023-47126.json"
}

References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type: GIT
Repo: https://github.com/typo3/typo3
Events: Introduced

40c555936c3cd0fa0c09a5971b73b796bd1b9596

Fixed

639f2dbbafa5e6835499e70e111c7f22bc6cb966

Affected versions

v12.*

v12.2.0

v12.3.0

v12.4.0

v12.4.1

v12.4.2

v12.4.3

v12.4.4

v12.4.5

v12.4.6

v12.4.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-47126.json"

Git / github.com/typo3/typo3.cms

Affected ranges

Type

GIT

Repo

https://github.com/typo3/typo3.cms

Events

Introduced

40c555936c3cd0fa0c09a5971b73b796bd1b9596

Fixed

639f2dbbafa5e6835499e70e111c7f22bc6cb966