> ### Meta
> * CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
(8.2)
> * CWE-325, CWE-20, CWE-200, CWE-502
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
(7.5, high)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
(9.1, critical)The overall severity of this vulnerability is high (8.2) based on mentioned attack chains and the requirement of having a valid backend user session (authenticated).
Update to TYPO3 versions 9.5.20 or 10.4.6 that fix the problem described.
Thanks to TYPO3 security team member Oliver Hader who reported and fixed the issue.
CPE | Name | Operator | Version |
---|---|---|---|
typo3/cms | eq | 9.5.11 | |
typo3/cms-core | eq | 9.5.1 | |
typo3/cms | eq | 10.0.0 | |
typo3/cms | eq | 9.5.10 | |
typo3/cms | eq | 9.3.2 | |
typo3/cms-core | eq | 9.5.17 | |
typo3/cms-core | eq | 9.2.0 | |
typo3/cms | eq | 9.4.0 | |
typo3/cms | eq | 10.2.2 | |
typo3/cms-core | eq | 9.5.19 |
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-15098.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-15098.yaml
github.com/TYPO3/TYPO3.CMS
github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1
github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp
nvd.nist.gov/vuln/detail/CVE-2016-5091
nvd.nist.gov/vuln/detail/CVE-2020-15098
typo3.org/security/advisory/typo3-core-sa-2016-013
typo3.org/security/advisory/typo3-core-sa-2020-008