First published: Fri Jul 10 2020(Updated: )
CVE-2020-6165: Limited queries break CanViewPermissionChecker
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/graphql | >=3.2.0<3.2.4 | |
composer/silverstripe/graphql | >=3.2.0<3.2.4 | 3.2.4 |
composer/silverstripe/recipe-cms | >=4.5.0<4.5.3 | 4.5.3 |
Silverstripe silverstripe | >=3.2.0<3.2.4 | |
Silverstripe silverstripe | >=3.2.5<3.3.0 | |
Silverstripe silverstripe | >=4.5.0<4.5.3 | |
>=3.2.0<3.2.4 | ||
>=3.2.5<3.3.0 | ||
>=4.5.0<4.5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-6165 is a vulnerability in SilverStripe 4.5.0 that allows attackers to read certain records that should not have been placed into a result set.
SilverStripe 4.5.0, silverstripe/recipe-cms, and silverstripe/graphql version 3.2.0 to 3.2.4 are affected by CVE-2020-6165.
CVE-2020-6165 has a severity rating of 5.3 (Medium).
To fix CVE-2020-6165, update to silverstripe/graphql version 3.2.5 or higher, or silverstripe/recipe-cms version 4.5.3 or higher.
You can find more information about CVE-2020-6165 at the following references: [SilverStripe Security Releases](https://www.silverstripe.org/download/security-releases/cve-2020-6165), [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-6165), [SilverStripe Security Advisory](https://www.silverstripe.org/download/security-releases/CVE-2020-6165).