CVE-2020-26231Missing Authorization in CMS

CWE-862Missing Authorization6 documents3 sources
Severity
6.7MEDIUMNVD
NVD5.2GHSA5.2OSV5.2
EPSS
0.0%
top 90.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
October CMSOctobercms October
Timeline
PublishedNov 23
Latest updateMay 4

Description

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig san

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

Packagistoctober/cms1.0.4691.0.470+2
NVDoctobercms/october1.1.01.1.1+3

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
Bypass of fix for CVE-2020-26231, Twig sandbox escape2021-05-04
GHSA
Bypass of fix for CVE-2020-26231, Twig sandbox escape2021-05-04
OSV
Bypass of fix for CVE-2020-15247, Twig sandbox escape2020-11-23
GHSA
Bypass of fix for CVE-2020-15247, Twig sandbox escape2020-11-23