PT-2023-18670 · Silverstripe · Silverstripe/Framework

Matthew Dekker

Published

2023-04-26

Updated

2023-05-04

CVE-2023-22729

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Silverstripe Framework versions prior to 4.12.15

Description An attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link.

Recommendations For versions prior to 4.12.15, upgrade to Silverstripe Framework 4.12.15 or above to address the issue. As a temporary workaround, consider restricting access to the login screen until a patch is available.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2023-22729

GHSA-FW84-XGM8-9JMV

Affected Products

Silverstripe/Framework

PT-2023-18670 · Silverstripe · Silverstripe/Framework

CVE-2023-22729

Weakness Enumeration

Related Identifiers

Affected Products

References · 11