6

CVE-2020-4050

set-screen-option filter misuse by plugins leading to privilege escalation in WordPress

WordPress Core < 5.4.2 - Arbitrary User Meta Update

In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.34, 3.8.34, 3.9.32, 4.0.31, 4.1.31, 4.2.28, 4.3.24, 4.4.23, 4.5.22, 4.6.19, 4.7.18, 4.8.14, 4.9.15, 5.0.10, 5.1.6, 5.2.7, 5.3.4, 5.4.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version >= 3.7 < 3.7.34
WordpressWordpress Version >= 3.8 < 3.8.34
WordpressWordpress Version >= 3.9 < 3.9.32
WordpressWordpress Version >= 4.0 < 4.0.31
WordpressWordpress Version >= 4.1 < 4.1.31
WordpressWordpress Version >= 4.2 < 4.2.28
WordpressWordpress Version >= 4.3 < 4.3.24
WordpressWordpress Version >= 4.4 < 4.4.23
WordpressWordpress Version >= 4.5 < 4.5.22
WordpressWordpress Version >= 4.6 < 4.6.19
WordpressWordpress Version >= 4.7 < 4.7.18
WordpressWordpress Version >= 4.8 < 4.8.14
WordpressWordpress Version >= 4.9 < 4.9.15
WordpressWordpress Version >= 5.0 < 5.0.10
WordpressWordpress Version >= 5.1 < 5.1.6
WordpressWordpress Version >= 5.2 < 5.2.7
WordpressWordpress Version >= 5.3.0 < 5.3.4
WordpressWordpress Version >= 5.4 < 5.4.2
FedoraprojectFedora Version31
FedoraprojectFedora Version32
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 3.7)
Version 3.7-3.7.33
Version 3.8-3.8.33
Version 3.9-3.9.31
Version 4.0-4.0.30
Version 4.1-4.1.30
Version 4.2-4.2.27
Version 4.3-4.3.23
Version 4.4-4.4.22
Version 4.5-4.5.21
Version 4.6-4.6.18
Version 4.7-4.7.17
Version 4.8-4.8.13
Version 4.9-4.9.14
Version 5.0-5.0.9
Version 5.1-5.1.5
Version 5.2-5.2.6
Version 5.3-5.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.73% 0.746
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.1 1.6 1.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
security-advisories@github.com 3.5 1.8 1.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/
https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
Vendor Advisory
Release Notes
https://www.debian.org/security/2020/dsa-4709
Third Party Advisory
https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
Patch
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/8746bd3a-6e2b-4ed2-9b21-4ed5a0e58de8
Third Party Advisory