First published: Tue Apr 25 2023
An attacker can display a link to a third-party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Upgrade to `silverstripe/framework` 4.12.5 or above to remedy the vulnerability. Reporter: Matthew Dekker
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/silverstripe/framework | <4.12.5 | 4.12.5 |
| composer/silverstripe/framework | >=4.0.0, <4.12.5 | |
| Silverstripe Framework | <4.12.5 | |
CVE-2023-22729 is an open redirect vulnerability on the CMSSecurity relogin screen in the Silverstripe Framework.
The severity of CVE-2023-22729 is medium with a CVSS score of 6.1.
CVE-2023-22729 affects Silverstripe Framework versions up to and including 4.12.5.
An attacker can display a link to a third-party website on a login screen by convincing a legitimate content author to follow a specially crafted link.
Yes, a fix for CVE-2023-22729 is available in Silverstripe Framework version 4.12.15.