CVE-2010-5089

SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
silverstripesilverstripe
𝑥
≤ 2.4.1
silverstripesilverstripe
2.0.0
silverstripesilverstripe
2.0.1
silverstripesilverstripe
2.0.2
silverstripesilverstripe
2.1.0
silverstripesilverstripe
2.1.1
silverstripesilverstripe
2.2.0
silverstripesilverstripe
2.2.1
silverstripesilverstripe
2.2.2
silverstripesilverstripe
2.2.4
silverstripesilverstripe
2.3.0
silverstripesilverstripe
2.3.0:rc1
silverstripesilverstripe
2.3.0:rc2
silverstripesilverstripe
2.3.0:rc3
silverstripesilverstripe
2.3.1
silverstripesilverstripe
2.3.1:rc1
silverstripesilverstripe
2.3.1:rc2
silverstripesilverstripe
2.3.2
silverstripesilverstripe
2.3.3
silverstripesilverstripe
2.3.4
silverstripesilverstripe
2.3.5
silverstripesilverstripe
2.3.6
silverstripesilverstripe
2.3.7
silverstripesilverstripe
2.3.8
silverstripesilverstripe
2.3.9
silverstripesilverstripe
2.3.10
silverstripesilverstripe
2.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2
http://open.silverstripe.org/changeset/110757
http://www.openwall.com/lists/oss-security/2012/04/30/1
http://www.openwall.com/lists/oss-security/2012/04/30/3
http://www.openwall.com/lists/oss-security/2012/05/01/3
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2
http://open.silverstripe.org/changeset/110757
http://www.openwall.com/lists/oss-security/2012/04/30/1
http://www.openwall.com/lists/oss-security/2012/04/30/3
http://www.openwall.com/lists/oss-security/2012/05/01/3