Lucene search
TYPO3 AssociationTYPO3-CORE-SA-2020-007HistoryJul 28, 2020 - 12:00 a.m.
Potential Privilege Escalation
2020-07-2800:00:00
TYPO3 Association
typo3.org
50
0.009 Low
EPSS
Percentile
83.2%
In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php which again contains the encryptionKey as well as credentials of the database management system being used.
Related
cve
cve
CVE-2020-15099
2020-07-29 17:15:13
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
2020-07-29 16:15:32
BIT-typo3-2020-15099
2024-03-06 11:11:45
CVE-2020-15099
2020-07-29 17:15:13
prion
prion
Remote code execution
2020-07-29 17:15:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
2020-07-29 16:15:32
Potential Remote Code Execution in TYPO3 with mediace extension
2020-07-29 16:15:12
friendsofphp
friendsofphp
TYPO3-CORE-SA-2020-007: Potential Privilege Escalation
2020-07-28 08:18:30
TYPO3-CORE-SA-2020-007: Potential Privilege Escalation
2020-07-28 08:18:30
nvd
nvd
CVE-2020-15099
2020-07-29 17:15:13
ubuntucve
ubuntucve
CVE-2020-15099
2020-07-29 00:00:00
cvelist
cvelist
openvas
openvas
nessus
nessus
freebsd
freebsd
typo3 -- multiple vulnerabilities
2020-07-28 00:00:00
typo3
typo3
Sensitive Information Disclosure
2020-07-28 00:00:00
Critical vulnerability in legacy versions of TYPO3 CMS
2020-07-28 00:00:00