CVE-2017-20164 – symbiote/silverstripe-seed

Package

Manager: composer
Name: symbiote/silverstripe-seed
Vulnerable Version: >=0 <6.0.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00046 pctl0.13464

Details

Symbiote Seed Open Redirect vulnerability A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function `onBeforeSecurityLogin` of the file `code/extensions/SecurityLoginExtension.php` of the component `Login`. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 can address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.

Metadata

Created: 2023-01-07T21:30:38Z
Modified: 2023-01-12T22:47:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-wm32-3r4m-jvcc/GHSA-wm32-3r4m-jvcc.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-wm32-3r4m-jvcc
Finding: F156
Auto approve: 1