Medium severity5.9NVD Advisory· Published Dec 14, 2022· Updated Jun 17, 2026
CVE-2022-23501
CVE-2022-23501
Description
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cms-corePackagist | < 8.7.49 | 8.7.49 |
typo3/cms-corePackagist | >= 9.0.0, < 9.5.38 | 9.5.38 |
typo3/cms-corePackagist | >= 10.0.0, < 10.4.33 | 10.4.33 |
typo3/cms-corePackagist | >= 11.0.0, < 11.5.20 | 11.5.20 |
typo3/cms-corePackagist | >= 12.0.0, < 12.1.1 | 12.1.1 |
typo3/cmsPackagist | >= 10.0.0, < 10.4.33 | 10.4.33 |
typo3/cmsPackagist | >= 11.0.0, < 11.5.20 | 11.5.20 |
typo3/cmsPackagist | >= 12.0.0, < 12.1.1 | 12.1.1 |
Affected products
4- osv-coords3 versions
< 8.7.49+ 2 more
- (no CPE)range: < 8.7.49
- (no CPE)range: >= 10.0.0, < 10.4.33
- (no CPE)range: < 8.7.49
Patches
Vulnerability mechanics
References
7- github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rfnvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-jfp7-79g7-89rfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23501ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yamlghsaWEB
- github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266ecedghsaWEB
- typo3.org/security/advisory/typo3-core-sa-2022-013ghsaWEB
News mentions
0No linked articles in our index yet.