gsd-2020-15098
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-15098",
"description": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.",
"id": "GSD-2020-15098"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-15098"
],
"details": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.",
"id": "GSD-2020-15098",
"modified": "2023-12-13T01:21:43.837478Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15098",
"STATE": "PUBLIC",
"TITLE": "Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.20"
},
{
"version_value": "\u003e= 10.0.0, 10.4.6"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325: Missing Required Cryptographic Step"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2016-013",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2020-008",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1",
"refsource": "MISC",
"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
}
]
},
"source": {
"advisory": "GHSA-m5vr-3m74-jwxp",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=9.0.0,\u003c9.5.20||\u003e=10.0.0,\u003c10.4.6",
"affected_versions": "All versions starting from 9.0.0 before 9.5.20, all versions starting from 10.0.0 before 10.4.6",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-327",
"CWE-78",
"CWE-937"
],
"date": "2021-11-19",
"description": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.",
"fixed_versions": [
"9.5.20",
"10.4.6"
],
"identifier": "CVE-2020-15098",
"identifiers": [
"GHSA-m5vr-3m74-jwxp",
"CVE-2020-15098"
],
"not_impacted": "All versions before 9.0.0, all versions starting from 9.5.20 before 10.0.0, all versions starting from 10.4.6",
"package_slug": "packagist/typo3/cms-core",
"pubdate": "2020-07-29",
"solution": "Upgrade to versions 9.5.20, 10.4.6 or above.",
"title": "Use of a Broken or Risky Cryptographic Algorithm",
"urls": [
"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp",
"https://nvd.nist.gov/vuln/detail/CVE-2016-5091",
"https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1",
"https://typo3.org/security/advisory/typo3-core-sa-2016-013",
"https://typo3.org/security/advisory/typo3-core-sa-2020-008",
"https://nvd.nist.gov/vuln/detail/CVE-2020-15098",
"https://github.com/advisories/GHSA-m5vr-3m74-jwxp"
],
"uuid": "60014f96-093d-481a-896b-635244dc8413"
},
{
"affected_range": "\u003e=9.0.0,\u003c9.5.20||\u003e=10.0.0,\u003c10.4.6",
"affected_versions": "All versions starting from 9.0.0 before 9.5.20, all versions starting from 10.0.0 before 10.4.6",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-327",
"CWE-937"
],
"date": "2021-11-18",
"description": "In TYPO3 CMS, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated).",
"fixed_versions": [
"9.5.20",
"10.4.6"
],
"identifier": "CVE-2020-15098",
"identifiers": [
"CVE-2020-15098",
"GHSA-m5vr-3m74-jwxp"
],
"not_impacted": "All versions before 9.0.0, all versions starting from 9.5.20 before 10.0.0, all versions starting from 10.4.6",
"package_slug": "packagist/typo3/cms",
"pubdate": "2020-07-29",
"solution": "Upgrade to versions 9.5.20, 10.4.6 or above.",
"title": "Deserialization of Untrusted Data",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15098",
"https://typo3.org/security/advisory/typo3-core-sa-2016-013",
"https://typo3.org/security/advisory/typo3-core-sa-2020-008"
],
"uuid": "168de912-ccfd-42fa-a517-e0da274caefb"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.5.20",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.4.6",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15098"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2020-008",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2016-013",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-11-18T18:26Z",
"publishedDate": "2020-07-29T17:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…