
GHSA-8v6m-7f5v-hhx6 silverstripe/framework

Package

Manager: composer
Name: silverstripe/framework
Vulnerable Version: >=3.1.18 <3.1.19 || >=3.2.3 <3.2.4 || >=3.3.1 <3.3.2

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

Silverstripe brute force bypass on default admin

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins, so the lockout that limits failed attempts against ordinary Members never triggered, leaving the default admin username and password open to unlimited guessing.

Fixed in 3.1.19, 3.2.4 and 3.3.2, the versions that close each vulnerable range listed above. To check an installation, compare the output of composer show silverstripe/framework against those ranges and upgrade if it falls inside one.
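To make the failure mode concrete, here is an added illustration of the CWE-307 pattern the advisory describes. It is constructed for this page and is not Silverstripe's code: a minimal login authenticator with a consecutive-failure lockout, run once with the bug (the default admin is exempt from failure counting) and once with the fix (every principal is counted). The threshold of five failures, the credential store and the wordlist are all assumptions for the demonstration.

```python
"""CWE-307 illustration: a lockout counter that skips the default admin.

Constructed example, not Silverstripe code. The default admin is treated as
a principal that lives outside the Member table, which is why a counter keyed
on Member records can miss it.
"""
from dataclasses import dataclass, field
import hmac

MAX_FAILURES = 5  # assumed lockout threshold; the real configured value is not given on the page

# Constructed credential store: the default admin comes from configuration,
# regular Members from the database. Plaintext here only to keep the demo short.
DEFAULT_ADMIN = ("admin", "correct horse battery staple")
MEMBERS = {"alice": "hunter2"}


@dataclass
class Authenticator:
    count_default_admin: bool            # False reproduces the vulnerable behaviour
    failures: dict = field(default_factory=dict)  # username -> consecutive failures

    def is_locked(self, username):
        return self.failures.get(username, 0) >= MAX_FAILURES

    def login(self, username, password):
        """Return 'ok', 'fail' or 'locked'."""
        if self.is_locked(username):
            return "locked"
        if username == DEFAULT_ADMIN[0]:
            ok = hmac.compare_digest(password, DEFAULT_ADMIN[1])
            if not ok and not self.count_default_admin:
                # Vulnerable path: the failure is never recorded, so the
                # default admin can be guessed at indefinitely.
                return "fail"
        else:
            expected = MEMBERS.get(username)
            ok = expected is not None and hmac.compare_digest(password, expected)
        if ok:
            self.failures.pop(username, None)  # success resets the counter
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "fail"


def brute_force(auth, username, wordlist):
    """Try each guess in order; return (guesses_evaluated, password_found_or_None)."""
    for i, guess in enumerate(wordlist, 1):
        result = auth.login(username, guess)
        if result == "locked":
            return i - 1, None
        if result == "ok":
            return i, guess
    return len(wordlist), None


def demo():
    # Constructed wordlist; the admin password sits at position 7, past the threshold.
    wordlist = ["password", "123456", "admin", "letmein", "qwerty", "welcome",
                "correct horse battery staple"]
    vulnerable = Authenticator(count_default_admin=False)
    fixed = Authenticator(count_default_admin=True)
    return {
        "vulnerable_admin": brute_force(vulnerable, "admin", wordlist),
        "fixed_admin": brute_force(fixed, "admin", wordlist),
        "vulnerable_member": brute_force(vulnerable, "alice", wordlist),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Against the vulnerable authenticator every guess for the default admin is evaluated and the password is eventually recovered, while the same wordlist against a regular Member is cut off after five attempts; with the fix applied the default admin is locked out at the same point as any other account. The general lesson for any login system is that the lockout counter must be keyed on the identity being authenticated, not on whichever backing record the common code path happens to load.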

Metadata

Created: 2024-05-23T19:37:11Z
Modified: 2024-05-23T19:37:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-8v6m-7f5v-hhx6/GHSA-8v6m-7f5v-hhx6.json
CWE IDs: ["CWE-307"] (Improper Restriction of Excessive Authentication Attempts)
Alternative ID: N/A
Finding: F053
Auto approve: 1