Main Vulnerability Database Vulnerabilities #VU25680

Information disclosure in SilverStripe Versioned Files Module - CVE-2019-16409

Published: February 28, 2020

Vulnerability identifier: #VU25680

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-16409

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: SilverStripe

Affected software:
SilverStripe Versioned Files Module

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists within the "secureassets" and "versionedfiles" modules due to the unpublished versions of files are publicly exposed to anyone who can guess their URL. A remote attacker can gain unauthorized access to sensitive information on the system.

How to mitigate CVE-2019-16409

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Information disclosure in SilverStripe Versioned Files Module - CVE-2019-16409

Detailed vulnerability description

How to mitigate CVE-2019-16409

Sources

Please verify you're human