CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

BIT-CANVASLMS-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

Unpublished, protected files can be published via shortcode

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to...

CVE-2022-29858: Unpublished, protected files can be published via shortcode

More info at https://www.silverstripe.org/download/security-releases/cve-2022-29858...

GHSA-XM6J-X342-GWQ9 SilverStripe Versioned Files module Unpublished files are exposed publicly

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

SilverStripe Versioned Files module Unpublished files are exposed publicly

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

Information Disclosure

silverstripe/framework is vulnerable to information disclosure. The versions files leaks unpublished versions of files publicly to those users who can guess the URL...