GHSA-v68g-62v9-39w5

Source

https://github.com/advisories/GHSA-v68g-62v9-39w5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-v68g-62v9-39w5/GHSA-v68g-62v9-39w5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v68g-62v9-39w5

Aliases

CVE-2022-29858

Published

2022-06-29T22:40:16Z

Modified

2024-02-21T05:36:26.030891Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Unpublished, protected files can be published via shortcode

Details

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to match the ID of the draft protected image and then publishing the website content.

Database specific

{
    "nvd_published_at": "2022-06-28T22:15:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-29T22:40:16Z"
}

References

Affected packages

Packagist / silverstripe/assets

Package

Name: silverstripe/assets
Purl: pkg:composer/silverstripe/assets

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.10.1

Affected versions

1.*

1.0.0

1.0.1-rc1

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1.0-rc1

1.1.0-rc2

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.2.0-beta1

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.3.0-rc1

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.4.0-rc1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.5.0-alpha1

1.5.0-rc1

1.5.0-rc2

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0-beta1

1.6.0-rc1

1.6.0

1.6.1

1.7.0-beta1

1.7.0-rc1

1.7.0

1.7.1

1.8.0-beta1

1.8.0-rc1

1.8.0

1.9.0-alpha1

1.9.0-beta1

1.9.0-rc1

1.9.0

1.10.0-beta1

1.10.0-rc1

1.10.0