First published: Tue Jul 28 2020(Updated: )
> ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2) > * CWE-325, CWE-20, CWE-200, CWE-502 ### Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below. * [TYPO3-CORE-SA-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007), [CVE-2020-15099](https://nvd.nist.gov/vuln/detail/CVE-2020-15099): Potential Privilege Escalation + the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network) + `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5, high) * [TYPO3-CORE-SA-2016-013](https://typo3.org/security/advisory/typo3-core-sa-2016-013), [CVE-2016-5091](https://nvd.nist.gov/vuln/detail/CVE-2016-5091): Insecure Deserialization & Remote Code Execution + an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation + `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1, critical) The overall severity of this vulnerability is **high (8.2)** based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). ### Solution Update to TYPO3 versions 9.5.20 or 10.4.6 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2020-008](https://typo3.org/security/advisory/typo3-core-sa-2020-008)
Credit: security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/typo3/cms | >=10.0.0<10.4.6>=9.0.0<9.5.20 | |
composer/typo3/cms-core | >=10.0.0<10.4.6>=9.0.0<9.5.20 | |
composer/typo3/cms | >=9.0.0<9.5.20 | 9.5.20 |
composer/typo3/cms | >=10.0.0<10.4.6 | 10.4.6 |
composer/typo3/cms-core | >=10.0.0<10.4.6 | 10.4.6 |
composer/typo3/cms-core | >=9.0.0<9.5.20 | 9.5.20 |
TYPO3 | >=9.0.0<9.5.20 | |
TYPO3 | >=10.0.0<10.4.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-15098 is a vulnerability in TYPO3 CMS that allows sensitive information disclosure.
The severity of CVE-2020-15098 is high, with a CVSS score of 8.8.
TYPO3 CMS versions 9.0.0 to 9.5.20 and versions 10.0.0 to 10.4.6 are affected by CVE-2020-15098.
This vulnerability can be exploited by using an internal verification mechanism to generate arbitrary checksums and inject arbitrary data.
To fix CVE-2020-15098, it is recommended to upgrade TYPO3 CMS to version 9.5.20 or 10.4.6, depending on the installed version.