CVE-2022-29858

EUVD-2022-6159
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
silverstripeassets
𝑥
< 1.10.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://forum.silverstripe.org/c/releases
https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767
https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/
https://www.silverstripe.org/blog/tag/release
https://www.silverstripe.org/download/security-releases/
https://www.silverstripe.org/download/security-releases/cve-2022-29858
https://forum.silverstripe.org/c/releases
https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767
https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/
https://www.silverstripe.org/blog/tag/release
https://www.silverstripe.org/download/security-releases/
https://www.silverstripe.org/download/security-releases/cve-2022-29858