CVE-2017-12849: Information Exposure

October 12, 2017 (updated November 3, 2017)

Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.

References

nvd.nist.gov/vuln/detail/CVE-2017-12849
www.silverstripe.org/download/security-releases/ss-2017-005

Detect and mitigate CVE-2017-12849 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →