PT-2019-12894 · Silverstripe · Silverstripe

Serge Latyntcev

·

Published

2019-09-26

·

Updated

2020-08-24

·

CVE-2019-12617

CVSS v2.0

4.0

Medium

VectorAV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions SilverStripe versions prior to 4.3.4
Description The issue allows access escalation for CMS users with limited access through permission cache pollution.
Recommendations For SilverStripe versions prior to 4.3.4, update to version 4.3.4 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2019-12617
GHSA-6R58-4XGR-GM6M

Affected Products

Silverstripe