{
"id": "CVE-2020-11069",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-14T00:15:11.493",
"lastModified": "2021-11-04T17:52:26.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victim's user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it's actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. a file upload in a contact form, provided the attacker knows the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to be confirmed again by the acting user, who must provide their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served by a particular site are handled. It is also possible to disallow script execution for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for the locations /fileadmin/ and /uploads/."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones 9.0.0 hasta 9.5.16 y versiones 10.0.0 hasta 10.4.1, se detect\u00f3 que la interfaz de usuario del backend y la herramienta de instalaci\u00f3n son vulnerables a un ataque de tipo same-site request forgery. Un usuario del backend puede ser enga\u00f1ado para que interact\u00fae con un recurso malicioso que un atacante logr\u00f3 cargar previamente en el servidor web. Los scripts son luego ejecutados con los privilegios de la sesi\u00f3n de usuario de la v\u00edctima. En un escenario del peor de los casos, nuevos usuarios administradores pueden ser creados, los que pueden ser usados directamente por un atacante. La vulnerabilidad es b\u00e1sicamente una de tipo cross-site request forgery (CSRF) activada por una vulnerabilidad de tipo cross-site scripting (XSS), pero se presenta en el mismo host de destino, por lo que en realidad es una vulnerabilidad de tipo same-site request forgery. Una carga maliciosa, como HTML que contiene JavaScript, puede ser proporcionada por un usuario del backend autenticado o por un usuario no autenticado que use una extensi\u00f3n de terceros, por ejemplo, una carga de archivos en un formulario de contacto, siempre que el atacante conozca la ubicaci\u00f3n de destino. Para tener \u00e9xito, la v\u00edctima atacada requiere una sesi\u00f3n de usuario del backend o de la herramienta de instalaci\u00f3n activa y v\u00e1lida al momento del ataque. Esto ha sido corregido en las versiones 9.5.17 y 10.4.2. El despliegue de t\u00e9cnicas de mitigaci\u00f3n adicionales se sugiere como se describe a continuaci\u00f3n. - Sudo Mode Extension, esta extensi\u00f3n de TYPO3 intercepta modificaciones en las tablas de bases de datos relevantes para la seguridad, por ejemplo, aquellas que almacenan cuentas de usuario o almacenamientos de la capa de abstracci\u00f3n de archivos. Las modificaciones necesitan ser confirmadas nuevamente por el usuario activo, que debe proporcionar su contrase\u00f1a otra vez. Esta t\u00e9cnica se conoce como modo sudo. De esta manera, pueden ser mitigadas las acciones no previstas que suceden en segundo plano. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies les dicen a los navegadores (modernos) c\u00f3mo se manejan los recursos servidos por un sitio en particular. Tambi\u00e9n es posible rechazar la ejecuci\u00f3n de scripts para ubicaciones espec\u00edficas. En un contexto TYPO3, se sugiere no permitir la ejecuci\u00f3n directa de scripts al menos para las ubicaciones /fileadmin/ y /uploads/."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
},
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.5.16",
"matchCriteriaId": "039BA16C-73B6-4752-A92D-B2980B2C3226"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndIncluding": "10.4.1",
"matchCriteriaId": "C71BE201-8A33-4586-9943-3523546CA40F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
} |