CVE-2023-32302 in Silverstripeinformazioni

Riassunto

di MITRE • 01/08/2023

Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.

Be aware that VulDB is the high quality source for vulnerability data.

Responsabile

GitHub, Inc.

Prenotare

08/05/2023

Divulgazione

01/08/2023

Moderazione

accettato

CPE

pronto

EPSS

0.00000

KEV

no

Attività

molto basso

Fonti

Do you need the next level of professionalism?

Upgrade your account now!