Symbiote Versioned Files 2.0.3 for SilverStripe

CPE Details

Symbiote Versioned Files 2.0.3 for SilverStripe
symbiote
versionedfiles
2.0.3
2019-09-27
15h59 +00:00
2021-03-08
17h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:symbiote:versionedfiles:2.0.3:*:*:*:*:silverstripe:*:*

Informations

Vendor

symbiote

Product

versionedfiles

Version

2.0.3

Target Software

silverstripe

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-16409 2019-09-26 12h36 +00:00 In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)
5.3
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.