GHSA-8v6m-7f5v-hhx6

Source

https://github.com/advisories/GHSA-8v6m-7f5v-hhx6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-8v6m-7f5v-hhx6/GHSA-8v6m-7f5v-hhx6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8v6m-7f5v-hhx6

Published

2024-05-23T19:37:11Z

Modified

2024-11-28T05:41:09.528113Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Silverstripe Brute force bypass on default admin

Details

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-307"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-23T19:37:11Z"
}

References

Affected packages

Packagist / silverstripe/framework

Package

Name: silverstripe/framework
Purl: pkg:composer/silverstripe/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.18

Fixed

3.1.19

Affected versions

3.*

3.1.18

3.1.19-rc1

Packagist / silverstripe/framework

Package

Name: silverstripe/framework
Purl: pkg:composer/silverstripe/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2.3

Fixed

3.2.4

Affected versions

3.*

3.2.3

3.2.4-rc1

Packagist / silverstripe/framework

Package

Name: silverstripe/framework
Purl: pkg:composer/silverstripe/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3.1

Fixed

3.3.2

Affected versions

3.*

3.3.1

3.3.2-rc1