CVE-2022-29858
published 2022-06-28
CVE-2022-29858: Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing…
Priority: P4 | 23 | medium | 4.3 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
EPSS: 1.16% (63.1th percentile)
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silverstripe | assets | < 1.10.1 | 1.10.1 |
| silverstripe | assets | >= 1.0.0 < 1.10.1 | 1.10.1 |
CVSS provenance
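| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |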
OSV
Unpublished, protected files can be published via shortcode
osv·2022-06-29
CVE-2022-29858 [MEDIUM] Unpublished, protected files can be published via shortcode
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to match the ID of the draft protected image and then publishing the website content.
GHSA
Unpublished, protected files can be published via shortcode
ghsa·2022-06-29
CVE-2022-29858 [MEDIUM] CWE-287 Unpublished, protected files can be published via shortcode
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to match the ID of the draft protected image and then publishing the website content.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://forum.silverstripe.org/c/releases
https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767
https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/
https://www.silverstripe.org/blog/tag/release
https://www.silverstripe.org/download/security-releases/
https://www.silverstripe.org/download/security-releases/cve-2022-29858