GHSA-xpff-c35g-j3cr

Source
https://github.com/advisories/GHSA-xpff-c35g-j3cr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-xpff-c35g-j3cr/GHSA-xpff-c35g-j3cr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-xpff-c35g-j3cr
Published
2024-05-27T22:28:13Z
Modified
2024-12-02T05:45:05.453584Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
silverstripe/framework Privilege Escalation Risk in Member Edit form
Details

A member with the permission EDIT_PERMISSIONS and access to the "Security" section is able to re-assign themselves (or another member) to ADMIN level.

The CMS fields for the member are constructed using the DirectGroups relation instead of the Groups relation, which bypasses the security logic that prevents privilege escalation.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-268"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-27T22:28:13Z"
}

Affected packages

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.5.7-rc1
Fixed
3.5.8

Affected versions

3.*

3.5.7
3.5.8-rc1

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.6.0-rc1
Fixed
3.6.6

Affected versions

3.*

3.6.0-rc1
3.6.0
3.6.1-alpha2
3.6.1
3.6.2-beta1
3.6.2-beta2
3.6.2
3.6.3-rc2
3.6.3
3.6.4
3.6.5
3.6.6-rc1

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0-rc1
Fixed
4.0.4

Affected versions

4.*

4.0.0-rc1
4.0.0-rc2
4.0.0-rc3
4.0.0
4.0.1-rc1
4.0.1
4.0.2
4.0.3

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0-rc1
Fixed
4.1.1

Affected versions

4.*

4.1.0-rc1
4.1.0-rc2
4.1.0