Cross-Site Request Forgery in Movable Type Products by Six Apart
CVE-2020-5576

8.8HIGH

Key Information:

Vendor

Six Apart Ltd.

Status
Movable Type
Vendor
CVE Published:
14 May 2020

What is CVE-2020-5576?

A Cross-Site Request Forgery (CSRF) vulnerability in multiple versions of Movable Type allows remote attackers to hijack the authentication of administrators. This vulnerability affects several Movable Type products, including Movable Type 7, Movable Type Advanced, and various older versions. The flaw could enable attackers to perform unauthorized actions on behalf of unsuspecting users, posing a significant risk to website integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Movable Type Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier

References

https://movabletype.org/news/2020/05/mt-730-660-6312-rele...
x_refsource_MISC
https://jvn.jp/en/jp/JVN28806943/index.html
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.