SB2020051514 - Multiple vulnerabilities in TYPO3

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020051514

SB2020051514 - Multiple vulnerabilities in TYPO3

Published: May 15, 2020 Updated: May 15, 2020

Security Bulletin ID SB2020051514
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 17% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Cross-site request forgery (CVE-ID: CVE-2020-11069)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in the backend user interface and install tool. A remote authenticated attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


2) Deserialization of Untrusted Data (CVE-ID: CVE-2020-11067)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the backend user settings (in $BE_USER->uc). A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Deserialization of Untrusted Data (CVE-ID: CVE-2020-11066)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and trigger deletion of arbitrary directory in file system or trigger message submission via email using identity of web site.


4) Cross-site scripting (CVE-ID: CVE-2020-11065)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in link tags generated by "typolink" functionality. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


5) Cross-site scripting (CVE-ID: CVE-2020-11064)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in HTML "placeholder" attributes. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


6) Observable Response Discrepancy (CVE-ID: CVE-2020-11063)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the time-based attacks can be used with the password reset functionality for backend users. A remote attacker can mount user enumeration based on email addresses assigned to backend user accounts.


Remediation

Install update from vendor's website.

References