GSD-2021-21357
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-21357",
"description": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.",
"id": "GSD-2021-21357"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-21357"
],
"details": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.",
"id": "GSD-2021-21357",
"modified": "2023-12-13T01:23:10.859480Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21357",
"STATE": "PUBLIC",
"TITLE": "Broken Access Control in Form Framework"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"version_value": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"version_value": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"version_value": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packagist.org/packages/typo3/cms-form",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-003",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003"
}
]
},
"source": {
"advisory": "GHSA-3vg7-jw9m-pc3f",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=8.0.0,\u003c8.7.40||\u003e=9.0.0,\u003c9.5.25||\u003e=10.0.0,\u003c10.4.14||\u003e=11.0.0,\u003c11.1.1",
"affected_versions": "All versions starting from 8.0.0 before 8.7.40, all versions starting from 9.0.0 before 9.5.25, all versions starting from 10.0.0 before 10.4.14, all versions starting from 11.0.0 before 11.1.1",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-22",
"CWE-434",
"CWE-937"
],
"date": "2021-03-26",
"description": "Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Additionally, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability.",
"fixed_versions": [
"8.7.40",
"9.5.25",
"10.4.14",
"11.1.1"
],
"identifier": "CVE-2021-21357",
"identifiers": [
"CVE-2021-21357",
"GHSA-3vg7-jw9m-pc3f"
],
"not_impacted": "All versions before 8.0.0, all versions starting from 8.7.40 before 9.0.0, all versions starting from 9.5.25 before 10.0.0, all versions starting from 10.4.14 before 11.0.0, all versions starting from 11.1.1",
"package_slug": "packagist/typo3/cms-core",
"pubdate": "2021-03-23",
"solution": "Upgrade to versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 or above.",
"title": "Path Traversal",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21357",
"https://typo3.org/security/advisory/typo3-core-sa-2021-003"
],
"uuid": "a2632d54-4566-4124-8be5-ecf447707652"
},
{
"affected_range": "\u003e=8.0.0,\u003c=8.7.39||\u003e=9.0.0,\u003c=9.5.24||\u003e=10.0.0,\u003c=10.4.13||\u003e=11.0.0,\u003c=11.1.0",
"affected_versions": "All versions starting from 8.0.0 up to 8.7.39, all versions starting from 9.0.0 up to 9.5.24, all versions starting from 10.0.0 up to 10.4.13, all versions starting from 11.0.0 up to 11.1.0",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-22",
"CWE-434",
"CWE-937"
],
"date": "2021-03-29",
"description": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.",
"fixed_versions": [
"8.7.40",
"9.5.25",
"10.4.14",
"11.1.1"
],
"identifier": "CVE-2021-21357",
"identifiers": [
"GHSA-3vg7-jw9m-pc3f",
"CVE-2021-21357"
],
"not_impacted": "All versions before 8.0.0, all versions after 8.7.39 before 9.0.0, all versions after 9.5.24 before 10.0.0, all versions after 10.4.13 before 11.0.0, all versions after 11.1.0",
"package_slug": "packagist/typo3/cms-form",
"pubdate": "2021-03-23",
"solution": "Upgrade to versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 or above.",
"title": "Unrestricted Upload of File with Dangerous Type",
"urls": [
"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f",
"https://packagist.org/packages/typo3/cms-form",
"https://nvd.nist.gov/vuln/detail/CVE-2021-21357",
"https://typo3.org/security/advisory/typo3-core-sa-2021-003",
"https://github.com/advisories/GHSA-3vg7-jw9m-pc3f"
],
"uuid": "76c2c676-930d-41db-b067-ab6191ce9472"
},
{
"affected_range": "\u003e=8.0.0,\u003c8.7.40||\u003e=9.0.0,\u003c9.5.25||\u003e=10.0.0,\u003c10.4.14||\u003e=11.0.0,\u003c11.1.1",
"affected_versions": "All versions starting from 8.0.0 before 8.7.40, all versions starting from 9.0.0 before 9.5.25, all versions starting from 10.0.0 before 10.4.14, all versions starting from 11.0.0 before 11.1.1",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-22",
"CWE-434",
"CWE-937"
],
"date": "2021-03-26",
"description": "Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability.",
"fixed_versions": [
"8.7.40",
"9.5.25",
"10.4.14",
"11.1.1"
],
"identifier": "CVE-2021-21357",
"identifiers": [
"CVE-2021-21357",
"GHSA-3vg7-jw9m-pc3f"
],
"not_impacted": "All versions before 8.0.0, all versions starting from 8.7.40 before 9.0.0, all versions starting from 9.5.25 before 10.0.0, all versions starting from 10.4.14 before 11.0.0, all versions starting from 11.1.1",
"package_slug": "packagist/typo3/cms",
"pubdate": "2021-03-23",
"solution": "Upgrade to versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 or above.",
"title": "Path Traversal",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21357",
"https://typo3.org/security/advisory/typo3-core-sa-2021-003"
],
"uuid": "7ab67539-3a38-4572-81b1-ed7ffeac7d62"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.5.25",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.4.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.1.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21357"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-003",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f"
},
{
"name": "https://packagist.org/packages/typo3/cms-form",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-form"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
},
"lastModifiedDate": "2021-03-26T18:55Z",
"publishedDate": "2021-03-23T02:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…