silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled

2024-05-2718:53:40

Google

osv.dev

silverstripe framework

pre-existing cookies

remember me

disabled

authenticate

users

software

7 High

AI Score

Confidence

Low

JSON

If remember me is on and users log in with the box checked, if the developer then disabled “remember me” function, any pre-existing cookies will continue to authenticate users.

CPENameOperatorVersion
silverstripe/frameworkeq3.2.4
silverstripe/frameworkeq3.4.1-rc2
silverstripe/frameworkeq3.3.3-rc1
silverstripe/frameworkeq3.1.19-rc1
silverstripe/frameworkeq3.2.4-rc1
silverstripe/frameworkeq3.4.0
silverstripe/frameworkeq3.1.19
silverstripe/frameworkeq3.4.1-rc1
silverstripe/frameworkeq3.1.20-rc1
silverstripe/frameworkeq3.2.5-rc2

Name	Operator	Version
silverstripe/framework	eq	3.2.4
silverstripe/framework	eq	3.4.1-rc2
silverstripe/framework	eq	3.3.3-rc1
silverstripe/framework	eq	3.1.19-rc1
silverstripe/framework	eq	3.2.4-rc1
silverstripe/framework	eq	3.4.0
silverstripe/framework	eq	3.1.19
silverstripe/framework	eq	3.4.1-rc1
silverstripe/framework	eq	3.1.20-rc1
silverstripe/framework	eq	3.2.5-rc2

Rows per page:

1-10 of 161

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml

github.com/silverstripe/silverstripe-framework

github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822

github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e

github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f

github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6

www.silverstripe.org/download/security-releases/ss-2016-014

7 High

AI Score

Confidence

Low

JSON