CVE-2017-6370: Cleartext Transmission of Sensitive Information
(updated )
TYPO3 sends an HTTP request to an index.php?loginProvider
URI in cases with an HTTP Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident
and username
fields.
References
Detect and mitigate CVE-2017-6370 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →