SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
                
            References
                    | Link | Resource | 
|---|---|
| https://forum.silverstripe.org/c/releases | Release Notes Vendor Advisory | 
| https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | 
| https://www.silverstripe.org/download/security-releases/CVE-2019-12245 | Vendor Advisory | 
| https://forum.silverstripe.org/c/releases | Release Notes Vendor Advisory | 
| https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | 
| https://www.silverstripe.org/download/security-releases/CVE-2019-12245 | Vendor Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2019-09-25 19:15
Updated : 2024-11-21 04:22
NVD link : CVE-2019-12245
Mitre link : CVE-2019-12245
CVE.ORG link : CVE-2019-12245
JSON object : View
Products Affected
                silverstripe
- silverstripe
CWE
                
                    
                        
                        CWE-732
                        
            Incorrect Permission Assignment for Critical Resource
