CVE-2019-12617
Published 2019-09-26
CVE-2019-12617: In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.
Priority: P4 · 11 · low · 2.7 · CVSS 3.1
AV:N · AC:L · PR:H · UI:N · S:U · C:N · I:L · A:N
EPSS: 0.85% (53.8th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silverstripe | framework | >= 4.3.0 < 4.3.5 | 4.3.5 |
| silverstripe | framework | >= 4.4.0 < 4.4.4 | 4.4.4 |
| silverstripe | silverstripe | <= 4.3.3 | — |
CVSS provenance
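| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |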
OSV
CVE-2019-12617 [LOW] SilverStripe Privilege escalation through cache pollution
osv · 2019-11-12
GHSA
CVE-2019-12617 [LOW] SilverStripe Privilege escalation through cache pollution
ghsa · 2019-11-12
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://forum.silverstripe.org/c/releases
https://www.silverstripe.org/blog/tag/release
https://www.silverstripe.org/download/security-releases/
https://www.silverstripe.org/download/security-releases/CVE-2019-12617