CVE-2020-6164

{"id": "CVE-2020-6164", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-07-15T21:15:13.490", "references": [{"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page)."}, {"lang": "es", "value": "En SilverStripe versiones hasta 4.5.0, una ruta URL espec\u00edfica configurada por defecto por medio del m\u00f3dulo silverstripe/framework puede ser usada para revelar el hecho de que un dominio aloja una aplicaci\u00f3n Silverstripe. No se presenta divulgaci\u00f3n de la versi\u00f3n espec\u00edfica. La funcionalidad en esta ruta URL est\u00e1 limitada a una ejecuci\u00f3n en un contexto de CLI, y no se sabe que presente una vulnerabilidad por medio del acceso basado en la web. Como efecto secundario, esta ruta preconfigurada tambi\u00e9n bloquea la creaci\u00f3n de otros recursos en esta ruta (por ejemplo, una p\u00e1gina)"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD4EAB7B-E315-42D6-AEBE-C4707D12F6E7", "versionEndIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA2589F5-9B99-4DE2-96F0-F59D7F58987D", "versionEndExcluding": "4.4.7", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C4AD7A3-B9F1-463E-95D8-B47AF68463FE", "versionEndExcluding": "4.5.4", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}