Allele Security Alert
ASA-2018-00083
Identifier(s)
ASA-2018-00083, TYPO3-CORE-SA-2018-010
Title
Information Disclosure in Install Tool
Vendor(s)
TYPO3 Association
Product(s)
TYPO3
Affected version(s)
TYPO3 7.0.0-7.6.31, 8.0.0-8.7.20 and 9.0.0-9.5.1
Fixed version(s)
TYPO3 7.6.32, 8.7.21 or 9.5.2
Proof of concept
Unknown
Description
The Install Tool exposes the current TYPO3 version number to non-authenticated users.
Technical details
Unknown
Credits
Manuel Bloch and Benni Mack (TYPO3 core team)
Reference(s)
TYPO3 9.5.2, 8.7.21 and 7.6.32 security releases published
https://typo3.org/article/typo3-952-8721-and-7632-security-releases-published/
TYPO3-CORE-SA-2018-010: Information Disclosure in Install Tool
https://typo3.org/security/advisory/typo3-core-sa-2018-010/
[SECURITY] Remove TYPO3 version from installer
https://github.com/TYPO3/TYPO3.CMS/commit/232d0a64282382229c205904173a16a581555fe3
[TYPO3-announce] Announcing TYPO3 v9.5.2, v8.7.21 and v7.6.32 security releases
http://lists.typo3.org/pipermail/typo3-announce/2018/000435.html
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: February 1, 2019