GHSA-87hc-phmj-rhgh

Suggest an improvement
Source
https://github.com/advisories/GHSA-87hc-phmj-rhgh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-87hc-phmj-rhgh/GHSA-87hc-phmj-rhgh.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-87hc-phmj-rhgh
Aliases
Published
2022-05-13T01:46:32Z
Modified
2024-04-25T21:58:41.582505Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
TYPO3 Information Disclosure Vulnerability
Details

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

Database specific 
{
    "nvd_published_at": "2017-03-17T17:59:00Z",
    "cwe_ids": [
        "CWE-319"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T21:29:41Z"
}
References

Affected packages

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Affected versions

7.*

7.6.15