CVE-2020-11063

Опубликовано: 13 мая 2020

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.

Ссылки

https://github.com/TYPO3/typo3/commit/14929b98ecda0ce67329b0f25ca7c01ee85df574
https://github.com/TYPO3/typo3/security/advisories/GHSA-347x-877p-hcwx
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-347x-877p-hcwx
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:10.4.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:10.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00292

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-204

CWE-203

Связанные уязвимости

GHSA-347x-877p-hcwx