CPE Details
Symbiote Versioned Files 0.1.1 for SilverStripe
0.1.1
2019-09-27
16h00 +00:00
16h00 +00:00
2021-08-16
12h57 +00:00
12h57 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:symbiote:versionedfiles:0.1.1:*:*:*:*:silverstripe:*:*
Informations
Vendor
symbioteProduct
versionedfilesVersion
0.1.1Target Software
silverstripeRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) | 5.3 |
Medium |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.