CVE-2022-29858

Published: Jun 28, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.

Affected (1)

Products: Silverstripe: Assets

Silverstripe

1 product

Assets

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Silverstripe Assets	Before 1.10.1

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (12)

https://forum.silverstripe.org/c/releases

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767

Source: cve@mitre.org

PatchThird Party Advisory

https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.silverstripe.org/blog/tag/release

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.silverstripe.org/download/security-releases/

Source: cve@mitre.org

Not ApplicableVendor Advisory

https://www.silverstripe.org/download/security-releases/cve-2022-29858

Source: cve@mitre.org

Release NotesVendor Advisory

https://forum.silverstripe.org/c/releases