2 matches found
CVE-2020-26136
CVE-2020-26136 affects SilverStripe GraphQL prior to fixes in 4.6.0-rc1, where MFA is not honored when basic authentication is used. Several connected advisories corroborate an authentication bypass risk via the GraphQL module, with mitigation notes indicating that basic-auth has been removed by ...
CVE-2020-26136 GraphQL doesn't honour MFA when using basic auth
More info at https://www.silverstripe.org/download/security-releases/cve-2020-26136...