Lucene search

[email protected]NVD:CVE-2010-5092

HistoryAug 26, 2012 - 6:55 p.m.

CVE-2010-5092

2012-08-2618:55:01

CWE-255

[email protected]

web.nvd.nist.gov

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.

Affected configurations

NVD

Node

silverstripesilverstripeMatch2.4.0

References

doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1

open.silverstripe.org/changeset/107532

open.silverstripe.org/ticket/5772

www.openwall.com/lists/oss-security/2012/04/30/1

www.openwall.com/lists/oss-security/2012/04/30/3

www.openwall.com/lists/oss-security/2012/05/01/3

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2010-5092

cvelist1 cve1 prion1