5.3

CVE-2019-16409

EPSS 0.3%
Veröffentlicht 26.09.2019 16:15:11
Zuletzt bearbeitet 21.11.2024 04:30:39
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Silverstripe ≫ Silverstripe Version >= 3.0.0 <= 3.7.4

Symbiote ≫ Versionedfiles SwPlatformsilverstripe Version <= 2.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.501

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://github.com/silverstripe/silverstripe-framework

Third Party Advisory

Product

https://github.com/symbiote/silverstripe-versionedfiles

Third Party Advisory

Product

https://www.silverstripe.org/download/security-releases/cve-2019-16409

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-16409

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-16409

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-16409

EUVD