First published: Mon Jun 27 2022
CVE-2022-29858: Unpublished, protected files can be published via shortcode
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/assets | >=1.0.0 <1.10.1 | |
Silverstripe Assets | <1.10.1 | |
https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767
CVE-2022-29858 is a vulnerability in the Silverstripe assets module that allows unpublished protected images to be published by changing an existing image shortcode in website content.
CVE-2022-29858 affects the Silverstripe assets module from version 1.0.0 up to, but not including, 1.10.1.
CVE-2022-29858 has a severity rating of 4.3 (medium).
To fix the CVE-2022-29858 vulnerability, update the Silverstripe assets module to version 1.10.1 or later.
More information about CVE-2022-29858 can be found on the Silverstripe website: https://www.silverstripe.org/download/security-releases/cve-2022-29858.
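
To check whether a project is pinned to an affected release, the following added example (not code from Silverstripe or from this advisory) reads a `composer.lock` and classifies the locked `silverstripe/assets` version against the range in the table above. The status names, function names and sample lock file are assumptions constructed for illustration.

```python
import json
import re

PACKAGE = "silverstripe/assets"   # package name from the advisory table
FIRST_AFFECTED = (1, 0, 0)        # affected range from the table: >=1.0.0 <1.10.1
FIRST_FIXED = (1, 10, 1)

def parse_version(raw):
    """Return (major, minor, patch) for a stable tag, else None.

    Dev branches ("1.x-dev"), aliases and pre-releases return None so they
    are reviewed by hand instead of being guessed at.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def check_lock(lock_text):
    """Return (status, locked_version) for silverstripe/assets.

    status is one of: "affected", "not_affected", "unknown", "absent".
    """
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            version = parse_version(raw)
            if version is None:
                return "unknown", raw
            # Tuple comparison is numeric, so 1.9.0 sorts below 1.10.1
            # (a plain string comparison would get this wrong).
            if FIRST_AFFECTED <= version < FIRST_FIXED:
                return "affected", raw
            return "not_affected", raw
    return "absent", None

# Constructed sample lock file, trimmed to the fields the check reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "silverstripe/framework", "version": "4.10.0"},
        {"name": "silverstripe/assets", "version": "1.10.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

An "unknown" result means the lock file pins a branch or pre-release, so the installed commit has to be compared against the fix commit linked above.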