SB2019112622 - Information disclosure in SilverStripe Versioned Files Module




Published: November 26, 2019 Updated: February 28, 2020

Security Bulletin ID: SB2019112622
Severity: Medium
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Information disclosure (CVE-ID: CVE-2019-16409)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists within the "secureassets" and "versionedfiles" modules because unpublished versions of files are publicly exposed to anyone who can guess their URL. A remote attacker can gain unauthorized access to sensitive information on the system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.