CVE-2020-15098

{"id": "CVE-2020-15098", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-07-29T17:15:13.387", "references": [{"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1", "tags": ["Broken Link"], "source": "security-advisories@github.com"}, {"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-325"}, {"lang": "en", "value": "CWE-502"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6."}, {"lang": "es", "value": "En TYPO3 CMS versiones posteriores o igual a 9.0.0 y anteriores a 9.5.20, y versiones posteriores o igual a 10.0.0 y anteriores a 10.4.6, se ha detectado que puede ser usado un mecanismo de verificaci\u00f3n interna para generar sumas de comprobaci\u00f3n arbitrarias. Esto permite inyectar datos arbitrarios que tienen un c\u00f3digo de autenticaci\u00f3n de mensaje criptogr\u00e1fico v\u00e1lido (HMAC-SHA1) y puede conllevar a varias cadenas de ataque, incluyendo una escalada potencial de privilegios, una deserializaci\u00f3n no segura y una ejecuci\u00f3n de c\u00f3digo remota. La gravedad general de esta vulnerabilidad es alta seg\u00fan las cadenas de ataque mencionadas y el requisito de tener una sesi\u00f3n de usuario del backend v\u00e1lida (autenticada). Esto ha sido parcheado en las versiones 9.5.20 y 10.4.6"}], "lastModified": "2024-11-21T05:04:48.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "533733E0-9B24-41B2-A9A3-BF03785B6A85", "versionEndExcluding": "9.5.20", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22121C59-1C9F-4079-AD4F-965F872BAC58", "versionEndExcluding": "10.4.6", "versionStartIncluding": "10.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}