CVE-2020-15098 typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=9.0.0 <9.5.20 || >=10.0.0 <10.4.6

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02358 (percentile: 0.84326)

Details

Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2)
> * CWE-325, CWE-20, CWE-200, CWE-502

### Problem

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data that carries a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.

* [TYPO3-CORE-SA-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007), [CVE-2020-15099](https://nvd.nist.gov/vuln/detail/CVE-2020-15099): Potential Privilege Escalation
  + the database server used for a TYPO3 installation must be accessible to an attacker (either via the internet or a shared hosting network)
  + `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5, high)
* [TYPO3-CORE-SA-2016-013](https://typo3.org/security/advisory/typo3-core-sa-2016-013), [CVE-2016-5091](https://nvd.nist.gov/vuln/detail/CVE-2016-5091): Insecure Deserialization & Remote Code Execution
  + an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation
  + `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1, critical)

The overall severity of this vulnerability is **high (8.2)** based on the mentioned attack chains and the requirement of having a valid backend user session (authenticated).

### Solution

Update to TYPO3 versions 9.5.20 or 10.4.6 that fix the problem described.

### Credits

Thanks to TYPO3 security team member Oliver Hader who reported and fixed the issue.

### References

* [TYPO3-CORE-SA-2020-008](https://typo3.org/security/advisory/typo3-core-sa-2020-008)

Metadata

Created: 2020-07-29T16:15:19Z
Modified: 2021-11-19T15:43:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/07/GHSA-m5vr-3m74-jwxp/GHSA-m5vr-3m74-jwxp.json
CWE IDs: ["CWE-20", "CWE-200", "CWE-325", "CWE-327", "CWE-502"]
Alternative ID: GHSA-m5vr-3m74-jwxp
Finding: F052
Auto approve: 1