CVE-2021-21357

{"id": "CVE-2021-21357", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2021-03-23T02:15:12.720", "references": [{"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://packagist.org/packages/typo3/cms-form", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://packagist.org/packages/typo3/cms-form", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1."}, {"lang": "es", "value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En TYPO3 versiones anteriores a la 8.7.40, 9.5.25, 10.4.14, 11.1.1, debido a una validaci\u00f3n de entrada inadecuada, los atacantes pueden eludir las restricciones de las opciones predefinidas y enviar datos arbitrarios en el m\u00f3dulo backend del Dise\u00f1ador de formularios del Marco de formularios. En la configuraci\u00f3n por defecto del Form Framework esto permite a los atacantes permitir expl\u00edcitamente tipos mime arbitrarios para la subida de archivos - sin embargo, el _fileDenyPattern_ por defecto bloquea con \u00e9xito archivos como _.htaccess_ o _malicious.php_. Adem\u00e1s de eso, los atacantes pueden persistir esos archivos en cualquier directorio con capacidad de escritura de la correspondiente instalaci\u00f3n de TYPO3. Se necesita una cuenta de usuario backend v\u00e1lida con acceso al m\u00f3dulo de formularios para explotar esta vulnerabilidad. Esto est\u00e1 corregido en las versiones 8.7.40, 9.5.25, 10.4.14, 11.1.1"}], "lastModified": "2024-11-21T05:48:11.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F10B90F0-DA5C-4A80-BD4F-124B6C82CE8B", "versionEndExcluding": "8.7.40", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CB3125B-114D-4991-BD60-9535D97DD348", "versionEndExcluding": "9.5.25", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C031A87F-5A82-48F8-AB02-FED0CDFE08A2", "versionEndExcluding": "10.4.14", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F696292E-3CC6-416B-9F99-6C1287B1D78D", "versionEndExcluding": "11.1.1", "versionStartIncluding": "11.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}