CVE-2019-12617 — Framework vulnerability

3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.3%

top 46.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 26

Latest updateNov 12

Description

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

▶Packagistsilverstripe/framework4.4.0 — 4.4.4+1

OSV

SilverStripe Priviledge escalation through cache pollution↗2019-11-12

▶

GHSA

SilverStripe Priviledge escalation through cache pollution↗2019-11-12

▶