CVE-2022-29858

Опубликовано: 28 июн. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.

Ссылки

https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767
Patch
Third Party Advisory
https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/
Exploit
Third Party Advisory
https://www.silverstripe.org/blog/tag/release
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Not Applicable
Vendor Advisory
https://www.silverstripe.org/download/security-releases/cve-2022-29858
Release Notes
Vendor Advisory
https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767
Patch
Third Party Advisory
https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/
Exploit
Third Party Advisory
https://www.silverstripe.org/blog/tag/release
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Not Applicable
Vendor Advisory
https://www.silverstripe.org/download/security-releases/cve-2022-29858
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:silverstripe:assets:*:*:*:*:*:*:*:*

Версия до 1.10.1 (исключая)

EPSS

Процентиль: 56%

0.00332

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-v68g-62v9-39w5