CVE-2021-21355

EPSS 0.42%
Veröffentlicht 23.03.2021 02:15:12
Zuletzt bearbeitet 21.11.2024 05:48:11
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typo3 ≫ Typo3 Version >= 8.0.0 < 8.7.40

Typo3 ≫ Typo3 Version >= 9.0.0 < 9.5.25

Typo3 ≫ Typo3 Version >= 10.0.0 < 10.4.14

Typo3 ≫ Typo3 Version >= 11.0.0 < 11.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.588

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security-advisories@github.com	8.6	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2

Third Party Advisory

https://packagist.org/packages/typo3/cms-form

Third Party Advisory

Release Notes

https://typo3.org/security/advisory/typo3-core-sa-2021-002

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21355

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21355

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21355

EUVD