CVE-2020-15099 — Improper Input Validation in Typo3

CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure CWE-325 — Missing Cryptographic Step CWE-327 — Use of a Broken or Risky Cryptographic Algorithm CWE-502 — Deserialization of Untrusted Data6 documents4 sources

Severity

8.1HIGHNVD

EPSS

1.2%

top 21.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 Typo3 CMS Typo3 Cms-core +1 more

Timeline

PublishedJul 29

Description

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

▶Packagisttypo3/cms10.0.0 — 10.4.6+1

▶NVDtypo3/typo39.0.0 — 9.5.20+1

▶Packagisttypo3/cms-core9.0.0 — 9.5.20+1

▶CVEListV5typo3/typo3_cms>= 10.0.0, 10.4.6, >= 9.0.0, < 9.5.20+1

🔴Vulnerability Details

OSV

Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS↗2020-07-29

▶

CVEList

Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS↗2020-07-29

▶

GHSA

Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS↗2020-07-29

▶

GHSA

Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS↗2020-07-29

▶

GHSA

Potential Remote Code Execution in TYPO3 with mediace extension↗2020-07-29

▶