CVE-2022-29858

Name of the Vulnerable Software and Affected Versions Silverstripe silverstripe/assets versions through 1.10

Description The issue is related to improper access control, allowing protected images to be published by changing an existing image short code on website content. Specifically, draft protected images can be published by modifying the existing image shortcode to match the ID of the draft protected image and then publishing the website content.

Recommendations For versions through 1.10, consider restricting access to the image shortcode feature until a patch is available. As a temporary workaround, avoid using the image shortcode to publish draft protected images. At the moment, there is no information about a newer version that contains a fix for this vulnerability.