CVE-2020-6165
https://notcve.org/view.php?id=CVE-2020-6165
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). • https://www.silverstripe.org/download/security-releases/CVE-2020-6165 • CWE-276: Incorrect Default Permissions •
CVE-2019-19326
https://notcve.org/view.php?id=CVE-2019-19326
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists. Los sitios de Silverstripe CMS versiones hasta 4.4.4 que han optado por Encabezados HTTP Cache en las respuestas atendidas por medio de la capa HTTP del framework pueden ser vulnerables al envenenamiento de la caché web. Mediante la modificación de los encabezados X-Original-Url y X-HTTP-Method-Override, las respuestas con encabezados HTTP maliciosos pueden devolver respuestas inesperadas a otros consumidores de esta respuesta almacenada en caché. • https://www.silverstripe.org/download/security-releases/CVE-2019-19326 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2020-9280
https://notcve.org/view.php?id=CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x. En SilverStripe versiones hasta 4.5, los archivos cargados por medio de Formularios hacia carpetas migradas desde Silverstripe CMS versiones 3.x, pueden ser colocados en la carpeta predeterminada "/Uploads". • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2020-9280 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2019-12246
https://notcve.org/view.php?id=CVE-2019-12246
SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. SilverStripe versiones hasta 4.3.3, permite una Denegación de Servicio en herramientas URL de descarga y desarrollo. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-12437
https://notcve.org/view.php?id=CVE-2019-12437
In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations, En SilverStripe versiones hasta 4.3.3, la corrección anterior para SS-2018-007 no mitiga completamente el riesgo de un ataque de tipo CSRF en mutaciones de GraphQL. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases • CWE-352: Cross-Site Request Forgery (CSRF) •