cvelistv5 - CVE-2020-15086

CVE-2020-15086 (GCVE-0-2020-15086)

Vulnerability from cvelistv5 – Published: 2020-07-29 16:15 – Updated: 2024-08-04 13:08

Summary

In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20 - {"CWE-20":"Improper Input Validation"}
CWE-325 - {"CWE-325":"Missing Required Cryptographic Step"}
CWE-502 - {"CWE-502":"Deserialization of Untrusted Data"}
CWE-200 - Information Exposure

Assigner

GitHub_M

References

URL

Tags

	https://github.com/FriendsOfTYPO3/mediace/securit…	x_refsource_CONFIRM
	https://github.com/FriendsOfTYPO3/mediace/commit/…	x_refsource_MISC
	https://github.com/FriendsOfTYPO3/mediace/pull/31	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	FriendsOfTYPO3	mediace	Affected: >= 7.6.2, < 7.6.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:21.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediace",
          "vendor": "FriendsOfTYPO3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.6.2, \u003c 7.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In TYPO3 installations with the \"mediace\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \"mediace\" extension for TYPO3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "{\"CWE-20\":\"Improper Input Validation\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-325",
              "description": "{\"CWE-325\":\"Missing Required Cryptographic Step\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T16:15:30",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
        }
      ],
      "source": {
        "advisory": "GHSA-4h44-w6fm-548g",
        "discovery": "UNKNOWN"
      },
      "title": "Potential Remote Code Execution in TYPO3 with mediace extension",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15086",
          "STATE": "PUBLIC",
          "TITLE": "Potential Remote Code Execution in TYPO3 with mediace extension"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediace",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 7.6.2, \u003c 7.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FriendsOfTYPO3"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In TYPO3 installations with the \"mediace\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \"mediace\" extension for TYPO3."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-20\":\"Improper Input Validation\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-325\":\"Missing Required Cryptographic Step\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g",
              "refsource": "CONFIRM",
              "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
            },
            {
              "name": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75",
              "refsource": "MISC",
              "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
            },
            {
              "name": "https://github.com/FriendsOfTYPO3/mediace/pull/31",
              "refsource": "MISC",
              "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4h44-w6fm-548g",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15086",
    "datePublished": "2020-07-29T16:15:30",
    "dateReserved": "2020-06-25T00:00:00",
    "dateUpdated": "2024-08-04T13:08:21.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:mediace:*:*:*:*:*:typo3:*:*\", \"versionStartIncluding\": \"7.6.2\", \"versionEndExcluding\": \"7.6.5\", \"matchCriteriaId\": \"0CE5AAA9-EF2F-4187-BFEE-851579D23887\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In TYPO3 installations with the \\\"mediace\\\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \\\"mediace\\\" extension for TYPO3.\"}, {\"lang\": \"es\", \"value\": \"En las instalaciones de TYPO3 con la extensi\\u00f3n \\\"mediace\\\" desde la versi\\u00f3n 7.6.2 y anteriores a la versi\\u00f3n 7.6.5, se ha detectado que se puede utilizar un mecanismo de verificaci\\u00f3n interna para generar sumas de comprobaci\\u00f3n arbitrarias. Permite inyectar datos arbitrarios que tienen un c\\u00f3digo de autenticaci\\u00f3n de mensaje criptogr\\u00e1fico v\\u00e1lido y puede conllevar a una ejecuci\\u00f3n de c\\u00f3digo remota. Para explotar con \\u00e9xito esta vulnerabilidad, un atacante debe tener acceso al menos a un plugin \\\"Extbase\\\" o acci\\u00f3n de m\\u00f3dulo en una instalaci\\u00f3n TYPO3. Esto se corrigi\\u00f3 en la versi\\u00f3n 7.6.5 de la extensi\\u00f3n \\\"mediace\\\" para TYPO3\"}]",
      "id": "CVE-2020-15086",
      "lastModified": "2024-11-21T05:04:47.020",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-07-29T17:15:13.280",
      "references": "[{\"url\": \"https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FriendsOfTYPO3/mediace/pull/31\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FriendsOfTYPO3/mediace/pull/31\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}, {\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-325\"}, {\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-15086\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-07-29T17:15:13.280\",\"lastModified\":\"2024-11-21T05:04:47.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In TYPO3 installations with the \\\"mediace\\\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \\\"mediace\\\" extension for TYPO3.\"},{\"lang\":\"es\",\"value\":\"En las instalaciones de TYPO3 con la extensi\u00f3n \\\"mediace\\\" desde la versi\u00f3n 7.6.2 y anteriores a la versi\u00f3n 7.6.5, se ha detectado que se puede utilizar un mecanismo de verificaci\u00f3n interna para generar sumas de comprobaci\u00f3n arbitrarias. Permite inyectar datos arbitrarios que tienen un c\u00f3digo de autenticaci\u00f3n de mensaje criptogr\u00e1fico v\u00e1lido y puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota. Para explotar con \u00e9xito esta vulnerabilidad, un atacante debe tener acceso al menos a un plugin \\\"Extbase\\\" o acci\u00f3n de m\u00f3dulo en una instalaci\u00f3n TYPO3. Esto se corrigi\u00f3 en la versi\u00f3n 7.6.5 de la extensi\u00f3n \\\"mediace\\\" para TYPO3\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-325\"},{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:mediace:*:*:*:*:*:typo3:*:*\",\"versionStartIncluding\":\"7.6.2\",\"versionEndExcluding\":\"7.6.5\",\"matchCriteriaId\":\"0CE5AAA9-EF2F-4187-BFEE-851579D23887\"}]}]}],\"references\":[{\"url\":\"https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FriendsOfTYPO3/mediace/pull/31\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FriendsOfTYPO3/mediace/pull/31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

GHSA-4H44-W6FM-548G

Vulnerability from github – Published: 2020-07-29 16:15 – Updated: 2024-02-05 10:43

Summary

Potential Remote Code Execution in TYPO3 with mediace extension

Details

Meta

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (9.1)

CWE-325, CWE-20, CWE-200, CWE-502

Problem

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.

TYPO3-CORE-SA-2020-007, CVE-2020-15099: Potential Privilege Escalation
the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (7.5, high)
TYPO3-CORE-SA-2016-013, CVE-2016-5091: Insecure Deserialization & Remote Code Execution
an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (9.1, critical)

The overall severity of this vulnerability is critical (9.1) based on mentioned attack chains and the fact it does not require any privileges.

Solution

In case the extension is not used and required at all, it is suggested to uninstall and remove it from the system completely. Otherwise, an updated version 7.6.5 is available from the TYPO3 extension manager, Packagist and the TYPO3 extension repository:

https://extensions.typo3.org/extension/download/mediace/7.6.5/zip/
https://packagist.org/packages/friendsoftypo3/mediace#7.6.5

As a precautionary measure it is advised to change encryptionKey and database credentials in typo3conf/LocalConfiguration.php.

Credits

Thanks to TYPO3 security team member Oliver Hader who reported and fixed the issue.

References

TYPO3-EXT-SA-2020-014

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "friendsoftypo3/mediace"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.6.2"
            },
            {
              "fixed": "7.6.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15086"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-200",
      "CWE-325",
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-07-29T16:09:56Z",
    "nvd_published_at": "2020-07-29T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "\u003e ### Meta\n\u003e * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1)\n\u003e * CWE-325, CWE-20, CWE-200, CWE-502\n\n### Problem\nIt has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.\n\n* [TYPO3-CORE-SA-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007), [CVE-2020-15099](https://nvd.nist.gov/vuln/detail/CVE-2020-15099): Potential Privilege Escalation\n  + the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network)\n  + `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5, high)\n* [TYPO3-CORE-SA-2016-013](https://typo3.org/security/advisory/typo3-core-sa-2016-013), [CVE-2016-5091](https://nvd.nist.gov/vuln/detail/CVE-2016-5091): Insecure Deserialization \u0026 Remote Code Execution\n  + an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation\n  + `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1, critical)\n\nThe overall severity of this vulnerability is critical (9.1) based on mentioned attack chains and the fact it does not require any privileges.\n\n### Solution\nIn case the extension is not used and required at all, it is suggested to uninstall and remove it from the system completely. Otherwise, an updated version 7.6.5 is available from the TYPO3 extension manager, Packagist and the TYPO3 extension repository:\n\n* https://extensions.typo3.org/extension/download/mediace/7.6.5/zip/\n* https://packagist.org/packages/friendsoftypo3/mediace#7.6.5\n\nAs a precautionary measure it is advised to change `encryptionKey` and database credentials in `typo3conf/LocalConfiguration.php`.\n\n### Credits\nThanks to TYPO3 security team member Oliver Hader who reported and fixed the issue.\n\n### References\n* [TYPO3-EXT-SA-2020-014](https://typo3.org/security/advisory/typo3-ext-sa-2020-014)",
  "id": "GHSA-4h44-w6fm-548g",
  "modified": "2024-02-05T10:43:51Z",
  "published": "2020-07-29T16:15:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15086"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsoftypo3/mediace/CVE-2020-15086.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FriendsOfTYPO3/mediace"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-ext-sa-2020-014"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Potential Remote Code Execution in TYPO3 with mediace extension"
}

GSD-2020-15086

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-15086

Aliases

CVE-2020-15086

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-15086",
    "description": "In TYPO3 installations with the \"mediace\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \"mediace\" extension for TYPO3.",
    "id": "GSD-2020-15086"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-15086"
      ],
      "details": "In TYPO3 installations with the \"mediace\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \"mediace\" extension for TYPO3.",
      "id": "GSD-2020-15086",
      "modified": "2023-12-13T01:21:43.493454Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-15086",
        "STATE": "PUBLIC",
        "TITLE": "Potential Remote Code Execution in TYPO3 with mediace extension"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "mediace",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 7.6.2, \u003c 7.6.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "FriendsOfTYPO3"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In TYPO3 installations with the \"mediace\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \"mediace\" extension for TYPO3."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "{\"CWE-20\":\"Improper Input Validation\"}"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "{\"CWE-325\":\"Missing Required Cryptographic Step\"}"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-200 Information Exposure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g",
            "refsource": "CONFIRM",
            "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
          },
          {
            "name": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75",
            "refsource": "MISC",
            "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
          },
          {
            "name": "https://github.com/FriendsOfTYPO3/mediace/pull/31",
            "refsource": "MISC",
            "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-4h44-w6fm-548g",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=7.6.2,\u003c7.6.5",
          "affected_versions": "All versions starting from 7.6.2 before 7.6.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2021-11-18",
          "description": "In TYPO3 installations with the `mediace` extension, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation.",
          "fixed_versions": [
            "7.6.5"
          ],
          "identifier": "CVE-2020-15086",
          "identifiers": [
            "CVE-2020-15086",
            "GHSA-4h44-w6fm-548g"
          ],
          "not_impacted": "All versions before 7.6.2, all versions starting from 7.6.5",
          "package_slug": "packagist/friendsoftypo3/mediace",
          "pubdate": "2020-07-29",
          "solution": "Upgrade to version 7.6.5 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-15086"
          ],
          "uuid": "b25eb61d-df06-47e6-b10d-685719348d10"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:typo3:mediace:*:*:*:*:*:typo3:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.6.5",
                "versionStartIncluding": "7.6.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15086"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In TYPO3 installations with the \"mediace\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \"mediace\" extension for TYPO3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FriendsOfTYPO3/mediace/pull/31",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
            },
            {
              "name": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
            },
            {
              "name": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-11-18T18:26Z",
      "publishedDate": "2020-07-29T17:15Z"
    }
  }
}

CNVD-2020-43617

Vulnerability from cnvd - Published: 2020-07-31

Title

TYPO3代码执行漏洞

Description

TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 6.2.16版本至6.2.51 ELTS版本中存在安全漏洞。攻击者可利用该漏洞注入数据，执行代码。

Severity

高

Patch Name

TYPO3代码执行漏洞的补丁

Patch Description

TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 6.2.16版本至6.2.51 ELTS版本中存在安全漏洞。攻击者可利用该漏洞注入数据，执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://typo3.org/security/advisory/typo3-psa-2020-001/

Reference

https://vigilance.fr/vulnerability/TYPO3-Core-6-TYPO-Mediace-Extension-privilege-escalation-via-HMAC-SHA1-32939

Impacted products

Name
TYPO3 Typo3 >=6.2.16，＜=6.2.51 ELTS

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-15086",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-15086"
    }
  },
  "description": "TYPO3\u662f\u745e\u58ebTYPO3\u534f\u4f1a\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf(\u6846\u67b6)(CMS/CMF)\u3002\n\nTYPO3 6.2.16\u7248\u672c\u81f36.2.51 ELTS\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u6570\u636e\uff0c\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://typo3.org/security/advisory/typo3-psa-2020-001/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-43617",
  "openTime": "2020-07-31",
  "patchDescription": "TYPO3\u662f\u745e\u58ebTYPO3\u534f\u4f1a\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf(\u6846\u67b6)(CMS/CMF)\u3002\r\n\r\nTYPO3 6.2.16\u7248\u672c\u81f36.2.51 ELTS\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u6570\u636e\uff0c\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TYPO3\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "TYPO3 Typo3 \u003e=6.2.16\uff0c\uff1c=6.2.51 ELTS"
  },
  "referenceLink": "https://vigilance.fr/vulnerability/TYPO3-Core-6-TYPO-Mediace-Extension-privilege-escalation-via-HMAC-SHA1-32939",
  "serverity": "\u9ad8",
  "submitTime": "2020-07-30",
  "title": "TYPO3\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2020-15086

Vulnerability from fkie_nvd - Published: 2020-07-29 17:15 - Updated: 2024-11-21 05:04

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/FriendsOfTYPO3/mediace/pull/31	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FriendsOfTYPO3/mediace/pull/31	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g	Exploit, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	typo3	mediace	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:mediace:*:*:*:*:*:typo3:*:*",
              "matchCriteriaId": "0CE5AAA9-EF2F-4187-BFEE-851579D23887",
              "versionEndExcluding": "7.6.5",
              "versionStartIncluding": "7.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In TYPO3 installations with the \"mediace\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \"mediace\" extension for TYPO3."
    },
    {
      "lang": "es",
      "value": "En las instalaciones de TYPO3 con la extensi\u00f3n \"mediace\" desde la versi\u00f3n 7.6.2 y anteriores a la versi\u00f3n 7.6.5, se ha detectado que se puede utilizar un mecanismo de verificaci\u00f3n interna para generar sumas de comprobaci\u00f3n arbitrarias. Permite inyectar datos arbitrarios que tienen un c\u00f3digo de autenticaci\u00f3n de mensaje criptogr\u00e1fico v\u00e1lido y puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota. Para explotar con \u00e9xito esta vulnerabilidad, un atacante debe tener acceso al menos a un plugin \"Extbase\" o acci\u00f3n de m\u00f3dulo en una instalaci\u00f3n TYPO3. Esto se corrigi\u00f3 en la versi\u00f3n 7.6.5 de la extensi\u00f3n \"mediace\" para TYPO3"
    }
  ],
  "id": "CVE-2020-15086",
  "lastModified": "2024-11-21T05:04:47.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-29T17:15:13.280",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-325"
        },
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-15086 (GCVE-0-2020-15086)

GHSA-4H44-W6FM-548G

Meta

Problem

Solution

Credits

References

GSD-2020-15086

CNVD-2020-43617

FKIE_CVE-2020-15086

Tags

Sightings

Nomenclature