cnvd - cnvd-2022-17971

cnvd-2022-17971

Vulnerability from cnvd

Title

TYPO3跨站请求伪造漏洞

Description

TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。URL redirect是使用在其中的一个URL重定向扩展插件。 TYPO3存在跨站请求伪造漏洞，该漏洞源于软件特性允许用户在后端用户界面中创建和共享深度链接，未充分验证请求是否来自可信用户，攻击者可利用该漏洞创建一个新的管理用户帐户来破坏系统。

Severity

中

Patch Name

TYPO3跨站请求伪造漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://typo3.org/security/advisory/typo3-core-sa-2020-006

Reference

https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f

Impacted products

Name
TYPO3 TYPO3 <11.5.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-41113",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-41113"
    }
  },
  "description": "TYPO3\u662f\u745e\u58ebTYPO3\u534f\u4f1a\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf(\u6846\u67b6)(CMS/CMF)\u3002URL redirect\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2aURL\u91cd\u5b9a\u5411\u6269\u5c55\u63d2\u4ef6\u3002\n\nTYPO3\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u7279\u6027\u5141\u8bb8\u7528\u6237\u5728\u540e\u7aef\u7528\u6237\u754c\u9762\u4e2d\u521b\u5efa\u548c\u5171\u4eab\u6df1\u5ea6\u94fe\u63a5\uff0c\u672a\u5145\u5206\u9a8c\u8bc1\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u53ef\u4fe1\u7528\u6237\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u7ba1\u7406\u7528\u6237\u5e10\u6237\u6765\u7834\u574f\u7cfb\u7edf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://typo3.org/security/advisory/typo3-core-sa-2020-006",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-17971",
  "openTime": "2022-03-10",
  "patchDescription": "TYPO3\u662f\u745e\u58ebTYPO3\u534f\u4f1a\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf(\u6846\u67b6)(CMS/CMF)\u3002URL redirect\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2aURL\u91cd\u5b9a\u5411\u6269\u5c55\u63d2\u4ef6\u3002\r\n\r\nTYPO3\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u7279\u6027\u5141\u8bb8\u7528\u6237\u5728\u540e\u7aef\u7528\u6237\u754c\u9762\u4e2d\u521b\u5efa\u548c\u5171\u4eab\u6df1\u5ea6\u94fe\u63a5\uff0c\u672a\u5145\u5206\u9a8c\u8bc1\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u53ef\u4fe1\u7528\u6237\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u7ba1\u7406\u7528\u6237\u5e10\u6237\u6765\u7834\u574f\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TYPO3\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "TYPO3 TYPO3 \u003c11.5.0"
  },
  "referenceLink": "https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f",
  "serverity": "\u4e2d",
  "submitTime": "2021-10-10",
  "title": "TYPO3\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2021-41113 (GCVE-0-2021-41113)

Vulnerability from cvelistv5

Published

2021-10-05 17:20

Modified

2024-08-04 02:59

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Summary

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described.

References

URL

Tags

	https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw	x_refsource_CONFIRM
	https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f	x_refsource_MISC
	https://typo3.org/security/advisory/typo3-core-sa-2020-006	x_refsource_MISC