Vulnerability Details : CVE-2020-15086
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3.
Vulnerability category: Input validationExecute codeInformation leak
Products affected by CVE-2020-15086
- cpe:2.3:a:typo3:mediace:*:*:*:*:*:typo3:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-15086
11.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-15086
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
GitHub, Inc. |
CWE ids for CVE-2020-15086
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: security-advisories@github.com (Secondary)
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: security-advisories@github.com (Secondary)
-
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.Assigned by: security-advisories@github.com (Secondary)
-
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.Assigned by: security-advisories@github.com (Secondary)
References for CVE-2020-15086
-
https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g
Sensitive Information Disclosure in extension "Media Content Element" (mediace) · Advisory · FriendsOfTYPO3/mediace · GitHubExploit;Patch;Third Party Advisory
-
https://github.com/FriendsOfTYPO3/mediace/pull/31
[SECURITY] Restrict file validation hash generation by ohader · Pull Request #31 · FriendsOfTYPO3/mediace · GitHubPatch;Third Party Advisory
-
https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75
[SECURITY] Restrict file validation hash generation · FriendsOfTYPO3/mediace@fa29ffd · GitHubPatch;Third Party Advisory
Jump to