Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-w13x-3rp9-wyej
Vulnerability ID VCID-w13x-3rp9-wyej
Aliases CVE-2022-23504
GHSA-8w3p-qh3x-6gjr
GMS-2022-8131
Summary TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration > ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3) ### Problem Due to the lack of handling user-submitted [YAML placeholder expressions](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Configuration/Yaml/YamlApi.html#custom-placeholder-processing) in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above. ### Credits Thanks to TYPO3 core & security team member Oliver Hader who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2022-016](https://typo3.org/security/advisory/typo3-core-sa-2022-016)
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2022-23504
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2022-23504
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2022-23504
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2022-23504
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2022-23504
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2022-23504
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2022-23504
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2022-23504
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8w3p-qh3x-6gjr
cvssv3.1 5.7 https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
cvssv3.1 5.7 https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
cvssv3.1 5.7 https://github.com/TYPO3/typo3
generic_textual MODERATE https://github.com/TYPO3/typo3
cvssv3.1 5.7 https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
generic_textual MODERATE https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
cvssv3.1 5.7 https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
cvssv3.1_qr MODERATE https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
generic_textual MODERATE https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
ssvc Track https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
cvssv3.1 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-23504
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-23504
cvssv3.1 5.7 https://typo3.org/security/advisory/typo3-core-sa-2022-016
generic_textual MODERATE https://typo3.org/security/advisory/typo3-core-sa-2022-016
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-23504
https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
https://github.com/TYPO3/typo3
https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
https://nvd.nist.gov/vuln/detail/CVE-2022-23504
https://typo3.org/security/advisory/typo3-core-sa-2022-016
GHSA-8w3p-qh3x-6gjr https://github.com/advisories/GHSA-8w3p-qh3x-6gjr
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L Found at https://github.com/TYPO3/typo3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L Found at https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T19:21:01Z/ Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-23504
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L Found at https://typo3.org/security/advisory/typo3-core-sa-2022-016
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.54457
EPSS Score 0.00313
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:05:58.978979+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-8w3p-qh3x-6gjr/GHSA-8w3p-qh3x-6gjr.json 38.0.0