exploitDog

CVE-2019-12617

Опубликовано: 26 сент. 2019

Источник: nvd

CVSS3: 2.7

CVSS2: 4

EPSS Низкий

Описание

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.

Ссылки

https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://www.silverstripe.org/blog/tag/release
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Vendor Advisory
https://www.silverstripe.org/download/security-releases/CVE-2019-12617
Vendor Advisory
https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://www.silverstripe.org/blog/tag/release
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Vendor Advisory
https://www.silverstripe.org/download/security-releases/CVE-2019-12617
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*

Версия до 4.3.3 (включая)

EPSS

Процентиль: 53%

0.00304

Низкий

2.7 Low

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-6r58-4xgr-gm6m

CVSS3: 2.7

github

около 6 лет назад

SilverStripe Priviledge escalation through cache pollution

EPSS

Процентиль: 53%

0.00304

Низкий

2.7 Low

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo