What is CVE-2020-11063?

CVE-2020-11063 is a low-severity vulnerability in Typo3 Cms, classified under Observable Response Discrepancy. CVSS score: 3.7/10. Published 2020-05-13.

How severe is CVE-2020-11063?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in Typo3 Cms

CVE-2020-11063

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigne…

EPSS: 0.003 (52.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Typo3 Cms — versions >= 10.4.0, <= 10.4.1

Weakness classification (CWE)

CWE-204 — Observable Response Discrepancy

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-347x-877p-hcwx (x_refsource_CONFIRM)
https://github.com/TYPO3/typo3/commit/14929b98ecda0ce67329b0f25ca7c01ee85df574 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-11063?: CVE-2020-11063 is a low-severity vulnerability in Typo3 Cms, classified under Observable Response Discrepancy. CVSS score: 3.7/10. Published 2020-05-13.
How severe is CVE-2020-11063?: Low severity. CVSS v3 base score is 3.7 out of 10.