CVE-2017-12849

Published: Oct 12, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.

Affected (2)

Products: Silverstripe: Silverstripe

Silverstripe

1 product

Silverstripe

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Silverstripe Silverstripe	Up to 3.5.4
Silverstripe Silverstripe	Version 3.6.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.silverstripe.org/download/security-releases/ss-2017-005

Source: cve@mitre.org

Vendor Advisory

https://www.silverstripe.org/download/security-releases/ss-2017-005

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.