Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
References
Configurations
History
21 Nov 2024, 06:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://forum.silverstripe.org/c/releases - Release Notes, Vendor Advisory | |
References | () https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767 - Patch, Third Party Advisory | |
References | () https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/ - Exploit, Third Party Advisory | |
References | () https://www.silverstripe.org/blog/tag/release - Release Notes, Vendor Advisory | |
References | () https://www.silverstripe.org/download/security-releases/ - Not Applicable, Vendor Advisory | |
References | () https://www.silverstripe.org/download/security-releases/cve-2022-29858 - Release Notes, Vendor Advisory |
08 Jul 2022, 01:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.3 |
References | (MISC) https://www.silverstripe.org/download/security-releases/ - Not Applicable, Vendor Advisory | |
References | (MISC) https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767 - Patch, Third Party Advisory | |
References | (MISC) https://www.silverstripe.org/blog/tag/release - Release Notes, Vendor Advisory | |
References | (MISC) https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/ - Exploit, Third Party Advisory | |
References | (MISC) https://forum.silverstripe.org/c/releases - Release Notes, Vendor Advisory | |
References | (MISC) https://www.silverstripe.org/download/security-releases/cve-2022-29858 - Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:silverstripe:assets:*:*:*:*:*:*:*:* | |
CWE | CWE-287 |
06 Jul 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. | |
References |
|
28 Jun 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-28 22:15
Updated : 2024-11-21 06:59
NVD link : CVE-2022-29858
Mitre link : CVE-2022-29858
CVE.ORG link : CVE-2022-29858
JSON object : View
Products Affected
silverstripe
- assets
CWE
CWE-287
Improper Authentication