FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
59fabdf2-9549-11ea-9448-08002728f74c	typo3 -- multiple vulnerabilities Typo3 News: CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email address exists or not. CVE-2020-11064: TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine It has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. CVE-2020-11065: TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling It has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting - properties being assigned as HTML attributes have not been parsed correctly. CVE-2020-11066: TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized Calling unserialize() on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system (if writable for web server) - trigger message submission via email using identity of web site (mail relay) Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. CVE-2020-11067: TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings It has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. CVE-2020-11069: TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface It has been discovered that the backend user interface and install tool are vulnerable to same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are then executed with the privileges of the victimsâ user session. In a worst case scenario new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, itâ actually a same-site request forgery (SSRF). Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a 3rd party extension - e.g. file upload in a contact form with knowing the target location. The attacked victim requires an active and valid backend or install tool user session at the time of the attack to be successful. Discovery 2020-05-12 Entry 2020-05-13 typo3-9-php72 typo3-9-php73 typo3-9-php74 < 9.5.17 typo3-10-php72 typo3-10-php73 typo3-10-php74 < 10.4.2 https://typo3.org/article/typo3-1042-and-9517-security-releases-published https://get.typo3.org/release-notes/9.5.17 https://get.typo3.org/release-notes/10.4.2 https://typo3.org/security/advisory/typo3-core-sa-2020-001 https://typo3.org/security/advisory/typo3-core-sa-2020-002 https://typo3.org/security/advisory/typo3-core-sa-2020-003 https://typo3.org/security/advisory/typo3-core-sa-2020-004 https://typo3.org/security/advisory/typo3-core-sa-2020-005 https://typo3.org/security/advisory/typo3-core-sa-2020-006 CVE-2020-11063 CVE-2020-11064 CVE-2020-11065 CVE-2020-11066 CVE-2020-11067 CVE-2020-11069

VuXML ID

Description

59fabdf2-9549-11ea-9448-08002728f74c

typo3 -- multiple vulnerabilities

Typo3 News:

CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email address exists or not.

CVE-2020-11064: TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

It has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.

CVE-2020-11065: TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling

It has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting - properties being assigned as HTML attributes have not been parsed correctly.

CVE-2020-11066: TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

Calling unserialize() on malicious user-submitted content can result in the following scenarios:

- trigger deletion of arbitrary directory in file system (if writable for web server)

- trigger message submission via email using identity of web site (mail relay)

Another insecure deserialization vulnerability is required to actually exploit mentioned aspects.

CVE-2020-11067: TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

It has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability.

CVE-2020-11069: TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

It has been discovered that the backend user interface and install tool are vulnerable to same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are then executed with the privileges of the victimsâ user session.

In a worst case scenario new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, itâ actually a same-site request forgery (SSRF).

Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a 3rd party extension - e.g. file upload in a contact form with knowing the target location.

The attacked victim requires an active and valid backend or install tool user session at the time of the attack to be successful.

Discovery 2020-05-12
Entry 2020-05-13
typo3-9-php72
typo3-9-php73
typo3-9-php74

< 9.5.17

typo3-10-php72
typo3-10-php73
typo3-10-php74

< 10.4.2

https://typo3.org/article/typo3-1042-and-9517-security-releases-published
https://get.typo3.org/release-notes/9.5.17
https://get.typo3.org/release-notes/10.4.2
https://typo3.org/security/advisory/typo3-core-sa-2020-001
https://typo3.org/security/advisory/typo3-core-sa-2020-002
https://typo3.org/security/advisory/typo3-core-sa-2020-003
https://typo3.org/security/advisory/typo3-core-sa-2020-004
https://typo3.org/security/advisory/typo3-core-sa-2020-005
https://typo3.org/security/advisory/typo3-core-sa-2020-006
CVE-2020-11063
CVE-2020-11064
CVE-2020-11065
CVE-2020-11066
CVE-2020-11067
CVE-2020-11069