Insecure Permissions in Silverstripe Subsites by Silverstripe
CVE-2022-42949

7.5HIGH

Key Information:

Vendor: Silverstripe
Status: Subsites
Vendor: CVE Published:; 21 December 2022

🔔 Create Silverstripe Vulnerability Alert

What is CVE-2022-42949?

The Silverstripe Subsites component, up to version 2.6.0, is susceptible to a vulnerability that arises from insecure permissions. This flaw could allow unauthorized users to gain access to restricted areas within a web application, resulting in potential data exposure and unauthorized actions. It is crucial for users of this product to apply the necessary updates to mitigate the associated risks.

References

https://www.silverstripe.org/download/security-releases/

https://www.silverstripe.org/download/security-releases/c...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 21, 2022
Vulnerability Reserved
Oct 15, 2022

CVE-2022-42949 Data

JSON