CVE-2020-6164

Name of the Vulnerable Software and Affected Versions SilverStripe versions through 4.5.0

Description A specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a SilverStripe application, without revealing the specific version. This functionality is limited to execution in a CLI context and is not known to present a risk through web-based access. Additionally, this preconfigured path blocks the creation of other resources on this path, such as a page.

Recommendations For versions through 4.5.0, consider restricting access to the specific URL path configured by default through the silverstripe/framework module to minimize the risk of disclosure. As a temporary workaround, consider disabling the functionality associated with this URL path until a more permanent solution is available.