What is TYPO3-CORE-SA-2020-011?

TYPO3-CORE-SA-2020-011 is a vulnerability that allows for cleartext storage of session identifiers in TYPO3 CMS.

How does TYPO3-CORE-SA-2020-011 impact my website?

TYPO3-CORE-SA-2020-011 can lead to an attacker being able to intercept and use session identifiers, potentially compromising user sessions.

Which versions of TYPO3 are affected by TYPO3-CORE-SA-2020-011?

TYPO3 versions 8.7.0 to 8.7.38, 9.0.0 to 9.5.23, and 10.0.0 to 10.4.10 are affected by TYPO3-CORE-SA-2020-011.

How do I fix TYPO3-CORE-SA-2020-011?

To fix TYPO3-CORE-SA-2020-011, update TYPO3 to a version that includes the security fix.

Where can I find more information about TYPO3-CORE-SA-2020-011?

More information about TYPO3-CORE-SA-2020-011 can be found on the TYPO3 website at https://typo3.org/security/advisory/typo3-core-sa-2020-011.

Vulnerability/
CVE-2020-26228

high

8.1

CWE

312 89

17/11/2020

23/11/2020

5/2/2024

CVE-2020-26228: SQL Injection

First published: Tue Nov 17 2020(Updated: )

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
composer/typo3/cms-core	>=10.0.0<10.4.10>=9.0.0<9.5.23>=8.7.0<8.7.38
composer/typo3/cms	>=10.0.0<10.4.10>=9.0.0<9.5.23>=8.7.0<8.7.38
Typo3 Typo3	>=9.0.0<9.5.23
Typo3 Typo3	>=10.0.0<10.4.10
composer/typo3/cms	>=8.7.0<8.7.38	8.7.38
composer/typo3/cms	>=9.0.0<9.5.23	9.5.23
composer/typo3/cms	>=10.0.0<10.4.10	10.4.10
composer/typo3/cms-core	>=8.7.0<8.7.38	8.7.38
composer/typo3/cms-core	>=10.0.0<10.4.10	10.4.10
composer/typo3/cms-core	>=9.0.0<9.5.23	9.5.23
	>=9.0.0<9.5.23
	>=10.0.0<10.4.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is TYPO3-CORE-SA-2020-011?
TYPO3-CORE-SA-2020-011 is a vulnerability that allows for cleartext storage of session identifiers in TYPO3 CMS.
How does TYPO3-CORE-SA-2020-011 impact my website?
TYPO3-CORE-SA-2020-011 can lead to an attacker being able to intercept and use session identifiers, potentially compromising user sessions.
Which versions of TYPO3 are affected by TYPO3-CORE-SA-2020-011?
TYPO3 versions 8.7.0 to 8.7.38, 9.0.0 to 9.5.23, and 10.0.0 to 10.4.10 are affected by TYPO3-CORE-SA-2020-011.
How do I fix TYPO3-CORE-SA-2020-011?
To fix TYPO3-CORE-SA-2020-011, update TYPO3 to a version that includes the security fix.
Where can I find more information about TYPO3-CORE-SA-2020-011?
More information about TYPO3-CORE-SA-2020-011 can be found on the TYPO3 website at https://typo3.org/security/advisory/typo3-core-sa-2020-011.

collector/friends-of-php
collector/nvd-index
agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-954j-f27r-cj52
alias/CVE-2020-26228
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/references
agent/last-modified-date
agent/description
agent/author
agent/softwarecombine
agent/tags
agent/event
collector/nvd-cve
source/NVD
collector/github-advisory
package-manager/composer
vendor/typo3
canonical/typo3 typo3
version/typo3 typo3/9.0.0
version/typo3 typo3/10.0.0