Lucene search

GitHub_MVULNRICHMENT:CVE-2024-29885

HistoryJul 17, 2024 - 7:35 p.m.

CVE-2024-29885 Reports are still accessible even when `canView()` returns false in silverstripe/reports

2024-07-1719:35:58

CWE-200

GitHub_M

github.com

cve-2024-29885

silverstripe framework

access control

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

16.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the canView() method for that report returns false. This issue has been addressed in version 5.2.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CNA Affected

[
  {
    "vendor": "silverstripe",
    "product": "silverstripe-reports",
    "versions": [
      {
        "status": "affected",
        "version": "< 5.2.3"
      }
    ]
  }
]

References

github.com/silverstripe/silverstripe-reports/commit/0351106c18ad4246d983b5f4e082c09c382121f4

github.com/silverstripe/silverstripe-reports/security/advisories/GHSA-89q6-98xx-4ffw

www.silverstripe.org/download/security-releases/cve-2024-29885

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

16.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-29885