CVE-2019-12245

Опубликовано: 25 сент. 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.

Ссылки

https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Vendor Advisory
https://www.silverstripe.org/download/security-releases/CVE-2019-12245
Vendor Advisory
https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Vendor Advisory
https://www.silverstripe.org/download/security-releases/CVE-2019-12245
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*

Версия до 4.3.3 (включая)

EPSS

Процентиль: 48%

0.00255

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-jvx5-rm6q-gx7p