6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.034 Low
EPSS
Percentile
91.5%
> ### Meta
> * CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
(8.2)
> * CWE-325, CWE-20, CWE-200, CWE-502
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
(7.5, high)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
(9.1, critical)The overall severity of this vulnerability is high (8.2) based on mentioned attack chains and the requirement of having a valid backend user session (authenticated).
Update to TYPO3 versions 9.5.20 or 10.4.6 that fix the problem described.
Thanks to TYPO3 security team member Oliver Hader who reported and fixed the issue.
CPE | Name | Operator | Version |
---|---|---|---|
typo3/cms | lt | 9.5.20 | |
typo3/cms | lt | 10.4.6 | |
typo3/cms-core | lt | 10.4.6 | |
typo3/cms-core | lt | 9.5.20 |
github.com/advisories/GHSA-m5vr-3m74-jwxp
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-15098.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-15098.yaml
github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1
github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp
nvd.nist.gov/vuln/detail/CVE-2016-5091
nvd.nist.gov/vuln/detail/CVE-2020-15098
typo3.org/security/advisory/typo3-core-sa-2016-013
typo3.org/security/advisory/typo3-core-sa-2020-008
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.034 Low
EPSS
Percentile
91.5%