GitHub Advisory DatabaseGHSA-2RXH-H6H9-QRQCClass destructors causing side-effects when being unserialized in TYPO3 CMS
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
EPSS
Percentile
44.0%
Calling unserialize() on malicious user-submitted content can result in the following scenarios:
- trigger deletion of arbitrary directory in file system (if writable for web server)
- trigger message submission via email using identity of web site (mail relay)
Another insecure deserialization vulnerability is required to actually exploit mentioned aspects.
Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described.
References
Affected configurations
References
github.com/advisories/GHSA-2rxh-h6h9-qrqc
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11066.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11066.yaml
github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc
nvd.nist.gov/vuln/detail/CVE-2020-11066
typo3.org/security/advisory/typo3-core-sa-2020-004
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
EPSS
Percentile
44.0%