CVE-2012-3529: Exposure of Sensitive Information to an Unauthorized Actor

May 17, 2022 (updated January 12, 2024)

The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/
www.debian.org/security/2012/dsa-2537
www.openwall.com/lists/oss-security/2012/08/22/8
exchange.xforce.ibmcloud.com/vulnerabilities/77793
github.com/advisories/GHSA-7gg8-3r6j-5g55
nvd.nist.gov/vuln/detail/CVE-2012-3529

Code Behaviors & Features

Detect and mitigate CVE-2012-3529 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →