SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Silverstripe
  • Silverstripe

Configuration 1 [-]

OR cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*
References
Link Resource
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10 Vendor Advisory
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4 Vendor Advisory
http://open.silverstripe.org/changeset/115182 Exploit Patch
http://open.silverstripe.org/changeset/115185 Exploit
http://secunia.com/advisories/42346 Vendor Advisory
http://www.openwall.com/lists/oss-security/2011/01/03/12
http://www.openwall.com/lists/oss-security/2012/04/30/1
http://www.openwall.com/lists/oss-security/2012/04/30/3
http://www.openwall.com/lists/oss-security/2012/05/01/3
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:21:02

Updated: 2022-10-03T16:21:02

Reserved: 2022-10-03T00:00:00

Link: CVE-2010-5087

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2012-08-26T18:55:01.060

Modified: 2012-08-27T21:05:17.447

Link: CVE-2010-5087

JSON object: View

cve-icon Redhat Information

No data.

CWE