CVE-2020-15098
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.
En TYPO3 CMS versiones posteriores o igual a 9.0.0 y anteriores a 9.5.20, y versiones posteriores o igual a 10.0.0 y anteriores a 10.4.6, se ha detectado que puede ser usado un mecanismo de verificación interna para generar sumas de comprobación arbitrarias. Esto permite inyectar datos arbitrarios que tienen un código de autenticación de mensaje criptográfico válido (HMAC-SHA1) y puede conllevar a varias cadenas de ataque, incluyendo una escalada potencial de privilegios, una deserialización no segura y una ejecución de código remota. La gravedad general de esta vulnerabilidad es alta según las cadenas de ataque mencionadas y el requisito de tener una sesión de usuario del backend válida (autenticada). Esto ha sido parcheado en las versiones 9.5.20 y 10.4.6
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-25 CVE Reserved
- 2020-07-29 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-325: Missing Cryptographic Step
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1 | Broken Link | |
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://typo3.org/security/advisory/typo3-core-sa-2016-013 | 2021-11-18 | |
https://typo3.org/security/advisory/typo3-core-sa-2020-008 | 2021-11-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 9.0.0 < 9.5.20 Search vendor "Typo3" for product "Typo3" and version " >= 9.0.0 < 9.5.20" | - |
Affected
| ||||||
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 10.0.0 < 10.4.6 Search vendor "Typo3" for product "Typo3" and version " >= 10.0.0 < 10.4.6" | - |
Affected
|