GHSA-p5h2-vr99-xm99 – silverstripe/framework

Package

Manager: composer
Name: silverstripe/framework
Vulnerable Version: >=3.1.19-rc1 <3.1.20 || >=3.2.4-rc1 <3.2.5 || >=3.3.2-rc1 <3.3.3 || >=3.4.0-rc1 <3.4.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()` After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.

Metadata

Created: 2024-05-27T18:36:59Z
Modified: 2024-05-27T18:37:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-p5h2-vr99-xm99/GHSA-p5h2-vr99-xm99.json
CWE IDs: ["CWE-287"]
Alternative ID: N/A
Finding: F039
Auto approve: 1