GHSA-R3PR-FH25-WRFC silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms

When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password fields...

SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms

More info at https://www.silverstripe.org/download/security-releases/ss-2017-010/...