CVE Vulnerabilities

CVE-2011-4961

Published: Sep 17, 2012 | Modified: Oct 15, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups.

Affected Software

Name Vendor Start Version End Version
Silverstripe Silverstripe 2.3.0 (including) 2.3.0 (including)
Silverstripe Silverstripe 2.3.1 (including) 2.3.1 (including)
Silverstripe Silverstripe 2.3.2 (including) 2.3.2 (including)
Silverstripe Silverstripe 2.3.3 (including) 2.3.3 (including)
Silverstripe Silverstripe 2.3.4 (including) 2.3.4 (including)
Silverstripe Silverstripe 2.3.5 (including) 2.3.5 (including)
Silverstripe Silverstripe 2.3.6 (including) 2.3.6 (including)
Silverstripe Silverstripe 2.3.7 (including) 2.3.7 (including)
Silverstripe Silverstripe 2.3.8 (including) 2.3.8 (including)
Silverstripe Silverstripe 2.3.9 (including) 2.3.9 (including)
Silverstripe Silverstripe 2.3.10 (including) 2.3.10 (including)
Silverstripe Silverstripe 2.3.11 (including) 2.3.11 (including)

References