Information Disclosure in SilverStripe Framework by SilverStripe
CVE-2020-6164

7.5HIGH

Key Information:

Vendor: Silverstripe
Status: Silverstripe
Vendor: CVE Published:; 15 July 2020

🔔 Create Silverstripe Vulnerability Alert

What is CVE-2020-6164?

In SilverStripe versions up to 4.5.0, a default URL path can inadvertently reveal that a domain is operating a SilverStripe application. While sensitive version details are not disclosed, this exposure can leave installations open to probing by malicious entities. The impact is predominantly observed in a command-line interface (CLI) context, rather than via web interfaces, which may limit immediate exploitation. Additionally, this preconfigured path could obstruct the creation of other resources, such as pages, further complicating site management.

References

https://www.silverstripe.org/download/security-releases/C...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jan 8, 2020

CVE-2020-6164 Data

JSON