PT-2019-12714 · Silverstripe · Silverstripe

Published: 2019-09-25 · Updated: 2020-08-24 · CVE-2019-12245

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.3.4

Description: The issue concerns incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.

Recommendations: For versions prior to 4.3.4, update to version 4.3.4 or later to resolve the issue.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2019-12245
GHSA-JVX5-RM6Q-GX7P

Affected Products

Silverstripe