OSV:GHSA-FW84-XGM8-9JMV
Apr 26, 2023 - 7:46 p.m.

Open redirect vulnerability on CMSSecurity relogin screen

2023-04-26 19:46:30
Google
osv.dev
Tags: cmssecurity, upgrade, silverstripe/framework, vulnerability, open redirect

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 32.3%

An attacker can display a link to a third-party website on a login screen by convincing a legitimate content author to follow a specially crafted link.

Upgrade to silverstripe/framework 4.12.5 or above to remedy the vulnerability.

Reporter: Matthew Dekker
