Date: Wed, 13 May 2020 20:44:18 +0000 (UTC)
From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r535178 - head/security/vuxml
Message-ID: <202005132044.04DKiIeo004015@repo.freebsd.org>
Author: sunpoet Date: Wed May 13 20:44:17 2020 New Revision: 535178 URL: https://svnweb.freebsd.org/changeset/ports/535178 Log: Document typo3 vulnerability Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed May 13 20:42:38 2020 (r535177) +++ head/security/vuxml/vuln.xml Wed May 13 20:44:17 2020 (r535178) 
@@ -58,6 +58,108 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="59fabdf2-9549-11ea-9448-08002728f74c"> + <topic>typo3 -- multiple vulnerabilities</topic> + <affects> + <package> + <name>typo3-9-php72</name> + <name>typo3-9-php73</name> + <name>typo3-9-php74</name> + <range><lt>9.5.17</lt></range> + </package> + <package> + <name>typo3-10-php72</name> + <name>typo3-10-php73</name> + <name>typo3-10-php74</name> + <range><lt>10.4.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Typo3 News:</p> + <blockquote cite="https://typo3.org/article/typo3-1042-and-9517-security-releases-published"> + <p>CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in + Password Reset</p> + <p>It has been discovered that time-based attacks can be used with the + password reset functionality for backend users. This allows an attacker + to verify whether a backend user account with a given email address + exists or not.</p> + <p/> + <p>CVE-2020-11064: TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form + Engine</p> + <p>It has been discovered that HTML placeholder attributes containing + data of other database records are vulnerable to cross-site scripting. 
A + valid backend user account is needed to exploit this vulnerability.</p> + <p/> + <p>CVE-2020-11065: TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link + Handling</p> + <p>It has been discovered that link tags generated by typolink + functionality are vulnerable to cross-site scripting - properties being + assigned as HTML attributes have not been parsed correctly.</p> + <p/> + <p>CVE-2020-11066: TYPO3-CORE-SA-2020-004: Class destructors causing + side-effects when being unserialized</p> + <p>Calling unserialize() on malicious user-submitted content can result + in the following scenarios:</p> + <p>- trigger deletion of arbitrary directory in file system (if writable + for web server)</p> + <p>- trigger message submission via email using identity of web site + (mail relay)</p> + <p>Another insecure deserialization vulnerability is required to actually + exploit mentioned aspects.</p> + <p/> + <p>CVE-2020-11067: TYPO3-CORE-SA-2020-005: Insecure Deserialization in + Backend User Settings</p> + <p>It has been discovered that backend user settings (in $BE_USER->uc) are + vulnerable to insecure deserialization. In combination with + vulnerabilities of 3rd party components this can lead to remote code + execution. A valid backend user account is needed to exploit this + vulnerability.</p> + <p/> + <p>CVE-2020-11069: TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to + Backend User Interface</p> + <p>It has been discovered that the backend user interface and install tool + are vulnerable to same-site request forgery. A backend user can be + tricked into interacting with a malicious resource an attacker + previously managed to upload to the web server - scripts are then + executed with the privileges of the victims’ user session.</p> + <p>In a worst case scenario new admin users can be created which can + directly be used by an attacker. 
The vulnerability is basically a + cross-site request forgery (CSRF) triggered by a cross-site scripting + vulnerability (XSS) - but happens on the same target host - thus, it’ + actually a same-site request forgery (SSRF).</p> + <p>Malicious payload such as HTML containing JavaScript might be provided + by either an authenticated backend user or by a non-authenticated user + using a 3rd party extension - e.g. file upload in a contact form with + knowing the target location.</p> + <p>The attacked victim requires an active and valid backend or install + tool user session at the time of the attack to be successful.</p> + </blockquote> + </body> + </description> + <references> + <url>https://typo3.org/article/typo3-1042-and-9517-security-releases-published</url> + <url>https://get.typo3.org/release-notes/9.5.17</url> + <url>https://get.typo3.org/release-notes/10.4.2</url> + <url>https://typo3.org/security/advisory/typo3-core-sa-2020-001</url> + <url>https://typo3.org/security/advisory/typo3-core-sa-2020-002</url> + <url>https://typo3.org/security/advisory/typo3-core-sa-2020-003</url> + <url>https://typo3.org/security/advisory/typo3-core-sa-2020-004</url> + <url>https://typo3.org/security/advisory/typo3-core-sa-2020-005</url> + <url>https://typo3.org/security/advisory/typo3-core-sa-2020-006</url> + <cvename>CVE-2020-11063</cvename> + <cvename>CVE-2020-11064</cvename> + <cvename>CVE-2020-11065</cvename> + <cvename>CVE-2020-11066</cvename> + <cvename>CVE-2020-11067</cvename> + <cvename>CVE-2020-11069</cvename> + </references> + <dates> + <discovery>2020-05-12</discovery> + <entry>2020-05-13</entry> + </dates> + </vuln> + <vuln vid="0bfcae0b-947f-11ea-92ab-00163e433440"> <topic>FreeBSD -- Insufficient cryptodev MAC key length check</topic> <affects>
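Review bot: The CVE-2020-11069 paragraph has a truncated contraction, "thus, it’ actually a same-site request forgery", which should read "it's actually"; both that apostrophe and the one in "victims’ user session" are typographic quotes, and plain ASCII apostrophes would be safer in vuln.xml. In the CVE-2020-11067 paragraph, "$BE_USER->uc" carries a raw ">" inside the XHTML body; it is well-formed as written, but "&gt;" is the more defensive spelling for anything that re-parses the entry. The empty <p/> elements between the CVE items act only as spacers and can be dropped, and the two "- trigger ..." paragraphs under CVE-2020-11066 would read better as a list than as dash-prefixed paragraphs. Since the quoted text abbreviates same-site request forgery as "SSRF", which most readers take to mean server-side request forgery, consider leaving the expansion next to the abbreviation exactly as upstream has it and not shortening it further in the topic or elsewhere.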