cnvd - cnvd-2020-65162

CNVD-2020-65162

Vulnerability from cnvd - Published: 2020-11-19

Title

TYPO3输入验证错误漏洞（CNVD-2020-65162）

Description

TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3存在安全漏洞，该漏洞源于对RSS小部件中用户提供的XML输入的验证不足，远程用户可以向受影响的应用程序传递专门编写的XML代码，查看系统上任意文件的内容，或者向外部系统发起请求。攻击者可利用该漏洞查看服务器上任意文件的内容，或对内部和外部基础设施执行网络扫描。

Severity

中

Patch Name

TYPO3输入验证错误漏洞（CNVD-2020-65162）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://typo3.org/article/typo3-core-sa-2020-012

Reference

https://vigilance.fr/vulnerability/TYPO3-Core-multiple-vulnerabilities-33909

Impacted products

Name
TYPO3 Typo3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-26229",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-26229"
    }
  },
  "description": "TYPO3\u662f\u745e\u58ebTYPO3\u534f\u4f1a\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf(\u6846\u67b6)(CMS/CMF)\u3002\n\nTYPO3\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9RSS\u5c0f\u90e8\u4ef6\u4e2d\u7528\u6237\u63d0\u4f9b\u7684XML\u8f93\u5165\u7684\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u8fdc\u7a0b\u7528\u6237\u53ef\u4ee5\u5411\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u4f20\u9012\u4e13\u95e8\u7f16\u5199\u7684XML\u4ee3\u7801\uff0c\u67e5\u770b\u7cfb\u7edf\u4e0a\u4efb\u610f\u6587\u4ef6\u7684\u5185\u5bb9\uff0c\u6216\u8005\u5411\u5916\u90e8\u7cfb\u7edf\u53d1\u8d77\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u670d\u52a1\u5668\u4e0a\u4efb\u610f\u6587\u4ef6\u7684\u5185\u5bb9\uff0c\u6216\u5bf9\u5185\u90e8\u548c\u5916\u90e8\u57fa\u7840\u8bbe\u65bd\u6267\u884c\u7f51\u7edc\u626b\u63cf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://typo3.org/article/typo3-core-sa-2020-012",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-65162",
  "openTime": "2020-11-19",
  "patchDescription": "TYPO3\u662f\u745e\u58ebTYPO3\u534f\u4f1a\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf(\u6846\u67b6)(CMS/CMF)\u3002\r\n\r\nTYPO3\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9RSS\u5c0f\u90e8\u4ef6\u4e2d\u7528\u6237\u63d0\u4f9b\u7684XML\u8f93\u5165\u7684\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u8fdc\u7a0b\u7528\u6237\u53ef\u4ee5\u5411\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u4f20\u9012\u4e13\u95e8\u7f16\u5199\u7684XML\u4ee3\u7801\uff0c\u67e5\u770b\u7cfb\u7edf\u4e0a\u4efb\u610f\u6587\u4ef6\u7684\u5185\u5bb9\uff0c\u6216\u8005\u5411\u5916\u90e8\u7cfb\u7edf\u53d1\u8d77\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u670d\u52a1\u5668\u4e0a\u4efb\u610f\u6587\u4ef6\u7684\u5185\u5bb9\uff0c\u6216\u5bf9\u5185\u90e8\u548c\u5916\u90e8\u57fa\u7840\u8bbe\u65bd\u6267\u884c\u7f51\u7edc\u626b\u63cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TYPO3\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-65162\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "TYPO3 Typo3"
  },
  "referenceLink": "https://vigilance.fr/vulnerability/TYPO3-Core-multiple-vulnerabilities-33909",
  "serverity": "\u4e2d",
  "submitTime": "2020-11-18",
  "title": "TYPO3\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-65162\uff09"
}

CVE-2020-26229 (GCVE-0-2020-26229)

Vulnerability from cvelistv5 – Published: 2020-11-23 21:15 – Updated: 2024-08-04 15:56

Summary

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.

Severity ?

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

GitHub_M

References

URL

Tags

	https://github.com/TYPO3/TYPO3.CMS/security/advis…	x_refsource_CONFIRM
	https://typo3.org/security/advisory/typo3-core-sa…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	TYPO3	TYPO3.CMS	Affected: >= 10.0.0, < 10.4.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:56:03.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-012"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TYPO3.CMS",
          "vendor": "TYPO3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.4.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-23T21:15:17",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-012"
        }
      ],
      "source": {
        "advisory": "GHSA-q9cp-mc96-m4w2",
        "discovery": "UNKNOWN"
      },
      "title": "XML External Entity in Dashboard Widget",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-26229",
          "STATE": "PUBLIC",
          "TITLE": "XML External Entity in Dashboard Widget"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TYPO3.CMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 10.0.0, \u003c 10.4.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TYPO3"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611: Improper Restriction of XML External Entity Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2",
              "refsource": "CONFIRM",
              "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2"
            },
            {
              "name": "https://typo3.org/security/advisory/typo3-core-sa-2020-012",
              "refsource": "MISC",
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-012"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-q9cp-mc96-m4w2",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-26229",
    "datePublished": "2020-11-23T21:15:18",
    "dateReserved": "2020-10-01T00:00:00",
    "dateUpdated": "2024-08-04T15:56:03.052Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-65162

CVE-2020-26229 (GCVE-0-2020-26229)

Tags

Sightings

Nomenclature