In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3.
Published 2020-07-29 17:15:13
Updated 2021-11-18 18:26:32
Source GitHub, Inc.
View at NVD,   CVE.org
Vulnerability category: Input validationExecute codeInformation leak

Products affected by CVE-2020-15086

  • Typo3 » Mediace » For Typo3
    Versions from including (>=) 7.6.2 and before (<) 7.6.5
    cpe:2.3:a:typo3:mediace:*:*:*:*:*:typo3:*:*

Exploit prediction scoring system (EPSS) score for CVE-2020-15086

11.51%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-15086

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
GitHub, Inc.

CWE ids for CVE-2020-15086

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by: security-advisories@github.com (Secondary)
  • The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
    Assigned by: security-advisories@github.com (Secondary)
  • The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
    Assigned by: security-advisories@github.com (Secondary)
  • The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
    Assigned by: security-advisories@github.com (Secondary)

References for CVE-2020-15086

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!