CVE-2019-16409

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-16409

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16409.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-16409

Aliases

GHSA-xm6j-x342-gwq9

Published

2019-09-26T16:15:11Z

Modified

2024-10-12T04:31:33.938267Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)

References

Affected packages

Git / github.com/silverstripe/silverstripe-framework

Affected ranges

Type: GIT
Repo: https://github.com/silverstripe/silverstripe-framework
Events: Introduced

bfa436bb2a6f4534e82130dda38b625f25634578

Last affected

b1dc89ef8a6325aba23ccaaaa805a6e94054eece

Type: GIT
Repo: https://github.com/symbiote/silverstripe-versionedfiles
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7b5919b6bd232ee6240315bc08989f370e197db3

Affected versions

0.*

0.1.0

0.1.1

0.2.0-alpha1

1.*

1.0.1

1.0.10

1.0.12

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.4.10

2.4.6

2.4.7

2.4.8

2.4.8-rc1

2.4.9

3.*

3.0.0

3.0.0-rc3

3.0.1

3.0.1-rc1

3.0.1-rc2

3.0.1-rc3

3.0.10

3.0.10-rc1

3.0.11

3.0.11-rc1

3.0.2

3.0.2-rc1

3.0.2-rc2

3.0.3

3.0.3-rc1

3.0.3-rc2

3.0.4

3.0.5

3.0.6

3.0.6-rc1

3.0.6-rc2

3.0.7

3.0.8

3.0.9

3.0.9-rc1

3.1.0

3.1.0-beta1

3.1.0-rc1

3.1.0-rc3

3.1.1

3.1.10

3.1.10-rc1

3.1.10-rc2

3.1.11

3.1.11-rc1

3.1.12

3.1.13

3.1.13-rc1

3.1.14

3.1.14-rc1

3.1.15

3.1.16

3.1.16-rc1

3.1.17

3.1.17-rc1

3.1.17-rc2

3.1.18

3.1.18-rc1

3.1.18-rc2

3.1.19

3.1.19-rc1

3.1.2

3.1.2-rc1

3.1.20

3.1.20-rc1

3.1.20-rc2

3.1.21

3.1.3

3.1.3-rc1

3.1.3-rc2

3.1.4

3.1.4-rc1

3.1.5

3.1.5-rc1

3.1.6

3.1.6-rc1

3.1.6-rc2

3.1.6-rc3

3.1.7

3.1.7-rc1

3.1.8

3.1.9

3.1.9-rc1

3.2.0

3.2.0-beta1

3.2.0-beta2

3.2.0-rc1

3.2.0-rc2

3.2.1

3.2.1-rc1

3.2.1-rc2

3.2.2

3.2.2-rc1

3.2.2-rc2

3.2.3

3.2.3-rc1

3.2.3-rc2

3.2.4

3.2.4-rc1

3.2.5

3.2.5-rc1

3.2.5-rc2

3.2.6

3.3.0

3.3.0-beta1

3.3.0-rc1

3.3.0-rc2

3.3.0-rc3

3.3.1

3.3.1-rc1

3.3.1-rc2

3.3.2

3.3.2-rc1

3.3.3

3.3.3-rc1

3.3.3-rc2

3.3.4

3.4.0

3.4.0-rc1

3.4.1

3.4.1-rc1

3.4.1-rc2

3.4.2

3.4.3

3.4.3-rc1

3.4.4

3.4.4-rc1

3.4.5

3.4.5-rc1

3.4.6

3.4.6-rc1

3.4.6-rc2

3.5.0

3.5.0-rc1

3.5.0-rc2

3.5.0-rc3

3.5.1

3.5.1-rc1

3.5.1-rc2

3.5.2

3.5.2-rc1

3.5.3

3.5.3-rc1

3.5.4

3.5.4-rc1

3.5.5

3.5.5-beta1

3.5.5-beta2

3.5.6

3.5.6-rc1

3.5.7

3.5.8

3.5.8-rc1

3.6.0

3.6.0-beta1

3.6.0-beta2

3.6.0-rc1

3.6.1

3.6.1-alpha2

3.6.2

3.6.2-beta1

3.6.2-beta2

3.6.3

3.6.3-rc2

3.6.4

3.6.5

3.6.6

3.6.6-rc1

3.6.7

3.7.0

3.7.1

3.7.1-rc1

3.7.2

3.7.3

3.7.4