FKIE_CVE-2020-25817

Vulnerability from fkie_nvd - Published: 2021-06-08 18:15 - Updated: 2024-11-21 05:18
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).
References
cve@mitre.orghttps://forum.silverstripe.org/c/releasesRelease Notes, Vendor Advisory
cve@mitre.orghttps://www.silverstripe.org/blog/tag/releaseRelease Notes, Vendor Advisory
cve@mitre.orghttps://www.silverstripe.org/download/security-releases/Vendor Advisory
cve@mitre.orghttps://www.silverstripe.org/download/security-releases/cve-2020-25817Broken Link
af854a3a-2127-422b-91ae-364da2661108https://forum.silverstripe.org/c/releasesRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.silverstripe.org/blog/tag/releaseRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.silverstripe.org/download/security-releases/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.silverstripe.org/download/security-releases/cve-2020-25817Broken Link
Impacted products
Vendor Product Version
silverstripe silverstripe *
silverstripe silverstripe 4.6.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53FA0A8-2DF2-4918-8ABB-B3DA0C81537F",
              "versionEndExcluding": "4.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silverstripe:silverstripe:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CD381280-D40A-4645-8618-B5F753FE59D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817])."
    },
    {
      "lang": "es",
      "value": "SilverStripe versiones hasta 4.6.0-rc1, presenta una vulnerabilidad de tipo XXE en CSSContentParser. Una utilidad para desarrolladores destinada a analizar HTML dentro de las pruebas unitarias puede ser vulnerable a ataques de tipo XML External Entity (XXE). Cuando esta utilidad para desarrolladores es usada de forma indebida para fines que implican datos externos o enviados por el usuario en el c\u00f3digo de proyectos personalizados, puede conllevar a vulnerabilidades de tipo XSS en la salida de HTML renderizada mediante este c\u00f3digo personalizado. Esto es mitigado ahora al desactivar las entidades externas durante el an\u00e1lisis sint\u00e1ctico. (El a\u00f1o correcto del CVE ID es 2020 [CVE-2020-25817, no CVE-2021-25817])"
    }
  ],
  "id": "CVE-2020-25817",
  "lastModified": "2024-11-21T05:18:50.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-08T18:15:07.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://forum.silverstripe.org/c/releases"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.silverstripe.org/blog/tag/release"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.silverstripe.org/download/security-releases/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.silverstripe.org/download/security-releases/cve-2020-25817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://forum.silverstripe.org/c/releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.silverstripe.org/blog/tag/release"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.silverstripe.org/download/security-releases/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.silverstripe.org/download/security-releases/cve-2020-25817"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.