CVE-2020-6165
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records.
SilverStripe versión 4.5.0, permite a atacantes leer determinados registros que no deberían haberse colocado en un conjunto de resultados. Esto afecta a silverstripe/recipe-cms. El mecanismo automático de comprobación de permisos en el módulo silverstripe/graphql no proporciona protección completa contra listas limitadas (por ejemplo, por medio de la paginación), lo que resulta en registros que deberían haber fallado en una comprobación de permisos que se agrega al conjunto de resultados final. Los endpoints de GraphQL están configurados por defecto (por ejemplo, para activos), pero el endpoint admin/graphql está protegido de acceso por defecto. Esto limita la vulnerabilidad a todos los usuarios autenticados, incluidos aquellos con permisos limitados (por ejemplo, cuando se visualiza registros expuestos por medio de admin/graphql requiere permisos de administrador). Sin embargo, si los endpoints personalizados de GraphQL han sido configurados para una implementación específica (generalmente bajo /graphql), esta vulnerabilidad también podría ser explotada por medio de peticiones no autenticadas. Esta vulnerabilidad solo se aplica a la lectura de registros; No permite el cambio no autorizado de registros
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-08 CVE Reserved
- 2020-07-15 CVE Published
- 2023-03-31 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/CVE-2020-6165 | 2020-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Silverstripe Search vendor "Silverstripe" | Silverstripe Search vendor "Silverstripe" for product "Silverstripe" | >= 3.2.0 < 3.2.4 Search vendor "Silverstripe" for product "Silverstripe" and version " >= 3.2.0 < 3.2.4" | - |
Affected
| ||||||
| Silverstripe Search vendor "Silverstripe" | Silverstripe Search vendor "Silverstripe" for product "Silverstripe" | >= 3.2.5 < 3.3.0 Search vendor "Silverstripe" for product "Silverstripe" and version " >= 3.2.5 < 3.3.0" | - |
Affected
| ||||||
| Silverstripe Search vendor "Silverstripe" | Silverstripe Search vendor "Silverstripe" for product "Silverstripe" | >= 4.5.0 < 4.5.3 Search vendor "Silverstripe" for product "Silverstripe" and version " >= 4.5.0 < 4.5.3" | - |
Affected
| ||||||