5.7

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-23504

GHSA ID

GHSA-8w3p-qh3x-6gjr

EPSS Score

0.16484%

CWE

CWE-200

Published

12/13/2022

Updated

10/29/2024

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-23504

CVE-2022-23504: TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C (5.3)

Problem

Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors.

A valid backend user account having administrator privileges is needed to exploit this vulnerability.

Solution

Update to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

Credits

Thanks to TYPO3 core & security team member Oliver Hader who reported and fixed the issue.

References

TYPO3-CORE-SA-2022-016

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-23504

CVE-2022-23504:

5.7

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-23504

GHSA ID

GHSA-8w3p-qh3x-6gjr

EPSS Score

0.16484%

CWE

CWE-200

Published

12/13/2022

Updated

10/29/2024

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms-core	composer	>= 9.0.0, < 9.5.38	9.5.38
typo3/cms-core	composer	>= 10.0.0, < 10.4.33	10.4.33
typo3/cms-core	composer	>= 11.0.0, < 11.5.20	11.5.20
typo3/cms-core	composer	>= 12.0.0, < 12.1.1	12.1.1
typo3/cms	composer	>= 10.0.0, < 10.4.33	10.4.33
typo3/cms	composer	>= 11.0.0, < 11.5.20	11.5.20
typo3/cms	composer	>= 12.0.0, < 12.1.1	12.1.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The core vulnerability stems from the SiteConfiguration::write() method not properly sanitizing YAML placeholder expressions. The commit diff shows the patch added a 'protectPlaceholders' parameter to enforce validation via YamlPlaceholderGuard. Before this fix, the method would write user-controlled placeholder expressions without checking if they were newly introduced, enabling expression language injection. The modified SiteConfigurationController.php now calls write() with protectPlaceholders=true, confirming the original method was vulnerable when this flag wasn't enforced.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.7

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-23504: TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C (5.3)

Problem

Solution

Credits

References

CVE-2022-23504:

5.7

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

5.7

5.7

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2022-23504: TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C (5.3)

Problem

Solution

Credits

References

Basic Information

Basic Information

CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3)

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3)