Vulnerabilities for 'Silverstripe'

2022-02-04
 
CVE-2022-0227

CWE-840
 

 
Business Logic Errors in GitHub repository silverstripe/silverstripe-framework prior to 4.10.1.

 
2021-10-07
 
CVE-2021-36150

CWE-79
 

 
SilverStripe Framework through 4.8.1 allows XSS.

 
 
CVE-2021-28661

CWE-863
 

 
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.

 
2021-06-08
 
CVE-2020-26136

CWE-287
 

 
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.

 
 
CVE-2020-26138

CWE-20
 

 
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.

 
2020-07-15
 
CVE-2020-9311

CWE-79
 

 
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

 
 
CVE-2020-6165

CWE-276
 

 
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records.

 
 
CVE-2020-6164

CWE-200
 

 
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).

 
 
CVE-2019-19326

CWE-444
 

 
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.

 
2020-02-19
 
CVE-2019-12437

CWE-352
 

 
In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,

 


Copyright 2024, cxsecurity.com

 
