CVE-2020-6165

SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.silverstripe.org/download/security-releases/CVE-2020-6165	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:silverstripe:silverstripe::::::::
	cpe:2.3:a:silverstripe:silverstripe::::::::
	cpe:2.3:a:silverstripe:silverstripe::::::::

History

No history.

Information

Published : 2020-07-15 21:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-6165

Mitre link : CVE-2020-6165

CVE.ORG link : CVE-2020-6165

JSON object : View

Products Affected

silverstripe

silverstripe

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2020-6165", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-07-15T21:15:13.583", "references": [{"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records."}, {"lang": "es", "value": "SilverStripe versi\u00f3n 4.5.0, permite a atacantes leer determinados registros que no deber\u00edan haberse colocado en un conjunto de resultados. Esto afecta a silverstripe/recipe-cms. El mecanismo autom\u00e1tico de comprobaci\u00f3n de permisos en el m\u00f3dulo silverstripe/graphql no proporciona protecci\u00f3n completa contra listas limitadas (por ejemplo, por medio de la paginaci\u00f3n), lo que resulta en registros que deber\u00edan haber fallado en una comprobaci\u00f3n de permisos que se agrega al conjunto de resultados final. Los endpoints de GraphQL est\u00e1n configurados por defecto (por ejemplo, para activos), pero el endpoint admin/graphql est\u00e1 protegido de acceso por defecto. Esto limita la vulnerabilidad a todos los usuarios autenticados, incluidos aquellos con permisos limitados (por ejemplo, cuando se visualiza registros expuestos por medio de admin/graphql requiere permisos de administrador). Sin embargo, si los endpoints personalizados de GraphQL han sido configurados para una implementaci\u00f3n espec\u00edfica (generalmente bajo /graphql), esta vulnerabilidad tambi\u00e9n podr\u00eda ser explotada por medio de peticiones no autenticadas. Esta vulnerabilidad solo se aplica a la lectura de registros; No permite el cambio no autorizado de registros"}], "lastModified": "2020-07-23T14:22:48.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00765C15-DFBF-4E37-8006-462AD46BD610", "versionEndExcluding": "3.2.4", "versionStartIncluding": "3.2.0"}, {"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "951F1891-55FB-42FE-9AD3-C5FE30509021", "versionEndExcluding": "3.3.0", "versionStartIncluding": "3.2.5"}, {"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60B3D26E-3B53-48B4-9ACB-F2D816F13EA6", "versionEndExcluding": "4.5.3", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}