#VU25680 Information disclosure in SilverStripe Versioned Files Module - CVE-2019-16409
Published: February 28, 2020
Vulnerability identifier: #VU25680
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-16409
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SilverStripe Versioned Files Module
SilverStripe Versioned Files Module
Software vendor:
SilverStripe
SilverStripe
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists within the "secureassets" and "versionedfiles" modules due to the unpublished versions of files are publicly exposed to anyone who can guess their URL. A remote attacker can gain unauthorized access to sensitive information on the system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.