CVE-2019-19326
https://notcve.org/view.php?id=CVE-2019-19326
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists. Los sitios de Silverstripe CMS versiones hasta 4.4.4 que han optado por Encabezados HTTP Cache en las respuestas atendidas por medio de la capa HTTP del framework pueden ser vulnerables al envenenamiento de la caché web. Mediante la modificación de los encabezados X-Original-Url y X-HTTP-Method-Override, las respuestas con encabezados HTTP maliciosos pueden devolver respuestas inesperadas a otros consumidores de esta respuesta almacenada en caché. • https://www.silverstripe.org/download/security-releases/CVE-2019-19326 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2019-12246
https://notcve.org/view.php?id=CVE-2019-12246
SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. SilverStripe versiones hasta 4.3.3, permite una Denegación de Servicio en herramientas URL de descarga y desarrollo. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-12437
https://notcve.org/view.php?id=CVE-2019-12437
In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations, En SilverStripe versiones hasta 4.3.3, la corrección anterior para SS-2018-007 no mitiga completamente el riesgo de un ataque de tipo CSRF en mutaciones de GraphQL. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-16409
https://notcve.org/view.php?id=CVE-2019-16409
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) En el módulo Versioned Files versiones hasta 2.0.3 para SilverStripe versiones 3.x, las versiones no publicadas de archivos se exponen públicamente a cualquiera que pueda adivinar su URL. • https://github.com/silverstripe/silverstripe-framework https://github.com/symbiote/silverstripe-versionedfiles https://www.silverstripe.org/download/security-releases/cve-2019-16409 •
CVE-2019-12617
https://notcve.org/view.php?id=CVE-2019-12617
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. En SilverStripe versiones hasta 4.3.3, se presenta una escalada de acceso para usuarios de CMS con acceso limitado mediante la contaminación de la caché de permisos. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2019-12617 •