CVE-2020-11063 Vulnerability Details

  /     /     /  

CVE-2020-11063 Metadata Quick Info

CVE Published: 13/05/2020 | CVE Updated: 03/12/2024 | CVE Year: 2020
Source: GitHub_M | Vendor: TYPO3 | Product: TYPO3 CMS
Status : PUBLISHED

---

CVE-2020-11063 Description

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.

Metrics

CVSS Version: 3.1 | Base Score: 3.7 LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-204
CWE Name: CWE-204: Observable Response Discrepancy
Source: TYPO3

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).