silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

2024-05-2721:45:27

Google

osv.dev

silverstripe

user enumeration

timing attack

password reset

security vulnerability

7.3 High

AI Score

Confidence

Low

JSON

User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.

CPENameOperatorVersion
silverstripe/frameworkeq3.6.2-beta2
silverstripe/frameworkeq3.5.0-rc1
silverstripe/frameworkeq3.5.3-rc1
silverstripe/frameworkeq3.5.4-rc1
silverstripe/frameworkeq3.6.2-beta1
silverstripe/frameworkeq3.5.2-rc1
silverstripe/frameworkeq3.5.1-rc2
silverstripe/frameworkeq3.5.0
silverstripe/frameworkeq3.5.1-rc1
silverstripe/frameworkeq3.6.1-alpha2

Name	Operator	Version
silverstripe/framework	eq	3.6.2-beta2
silverstripe/framework	eq	3.5.0-rc1
silverstripe/framework	eq	3.5.3-rc1
silverstripe/framework	eq	3.5.4-rc1
silverstripe/framework	eq	3.6.2-beta1
silverstripe/framework	eq	3.5.2-rc1
silverstripe/framework	eq	3.5.1-rc2
silverstripe/framework	eq	3.5.0
silverstripe/framework	eq	3.5.1-rc1
silverstripe/framework	eq	3.6.1-alpha2

Rows per page:

1-10 of 211

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml

github.com/silverstripe/silverstripe-framework

github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0

www.silverstripe.org/download/security-releases/ss-2017-005

7.3 High

AI Score

Confidence

Low

JSON