CVE-2024-25118

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-25118
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25118.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-25118
Aliases
Published
2024-02-13T22:19:22.690Z
Modified
2026-02-15T03:16:14.169239Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
Details

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.

Database specific 
{
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25118.json"
}
References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
fd8745e46bb11773e85524b8ee9650dabe340713
Fixed
a157af54e61a26b1ffc94f2d94e2ed96b6e658f4
Database specific 
{
    "versions": [
        {
            "introduced": "13.0.0"
        },
        {
            "fixed": "13.0.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
36096733dea4bd6f6168209609fa879dc25c0138
Fixed
3f83ff31e72053761f33b975410fa2881174e0e5
Database specific 
{
    "versions": [
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.4.11"
        }
    ]
}
Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
6a5e2d4097ef0a0e3ea955af93cf83810d6fa234
Fixed
7cd2396f0be8e4ce1a2554f0def6ebc4420ab436
Database specific 
{
    "versions": [
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.35"
        }
    ]
}

Affected versions

v11.*
v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.10
v11.5.11
v11.5.12
v11.5.13
v11.5.14
v11.5.15
v11.5.16
v11.5.17
v11.5.18
v11.5.19
v11.5.2
v11.5.20
v11.5.21
v11.5.22
v11.5.23
v11.5.24
v11.5.25
v11.5.26
v11.5.27
v11.5.28
v11.5.29
v11.5.3
v11.5.30
v11.5.31
v11.5.32
v11.5.33
v11.5.34
v11.5.4
v11.5.5
v11.5.6
v11.5.7
v11.5.8
v11.5.9
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v12.4.1
v12.4.10
v12.4.2
v12.4.3
v12.4.4
v12.4.5
v12.4.6
v12.4.7
v12.4.8
v12.4.9
v13.*
v13.0.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25118.json"

Git / github.com/typo3/typo3.cms

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3.cms
Events
Introduced
36096733dea4bd6f6168209609fa879dc25c0138
Fixed
3f83ff31e72053761f33b975410fa2881174e0e5
Introduced
6a5e2d4097ef0a0e3ea955af93cf83810d6fa234
Fixed
7cd2396f0be8e4ce1a2554f0def6ebc4420ab436

Affected versions

v11.*
v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.10
v11.5.11
v11.5.12
v11.5.13
v11.5.14
v11.5.15
v11.5.16
v11.5.17
v11.5.18
v11.5.19
v11.5.2
v11.5.20
v11.5.21
v11.5.22
v11.5.23
v11.5.24
v11.5.25
v11.5.26
v11.5.27
v11.5.28
v11.5.29
v11.5.3
v11.5.30
v11.5.31
v11.5.32
v11.5.33
v11.5.34
v11.5.4
v11.5.5
v11.5.6
v11.5.7
v11.5.8
v11.5.9
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v12.4.1
v12.4.10
v12.4.2
v12.4.3
v12.4.4
v12.4.5
v12.4.6
v12.4.7
v12.4.8
v12.4.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25118.json"