Headline

GHSA-fw84-xgm8-9jmv: Open redirect vulnerability on CMSSecurity relogin screen

An attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link.

Upgrade to silverstripe/framework 4.12.5 or above to remedy the vulnerability.

Reporter: Matthew Dekker

2 years ago

ghsa

Open in Source

#vulnerability #web #git #auth

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

GitHub Advisory Database
GitHub Reviewed
CVE-2023-22729

Open redirect vulnerability on CMSSecurity relogin screen

Package

composer silverstripe/framework (Composer)

Affected versions

< 4.12.5

Description

Published to the GitHub Advisory Database

Apr 26, 2023

Last updated

Apr 26, 2023

Severity

CVSS base metrics

User interaction

Required

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Weaknesses

GHSA ID

GHSA-fw84-xgm8-9jmv

Source code

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.

2 years ago

CVE

Open in Source

#web #google #git #auth