GHSA-xpff-c35g-j3cr: silverstripe/framework Privilege Escalation Risk in Member Edit form
A member who holds the EDIT_PERMISSIONS permission and has access to the "Security" section is able to re-assign themselves (or another member) to ADMIN level.
The CMS fields for a member are constructed from the DirectGroups relation instead of the Groups relation, which bypasses the security logic that is meant to prevent this privilege escalation.
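The following is an added example, not SilverStripe's code, that models the failure mode the advisory describes: a form handler that checks EDIT_PERMISSIONS but writes the submitted group ids through an unguarded relation, beside the same handler writing through a relation that carries the "may this actor grant ADMIN?" check. Every name in it (GROUPS, Member, addToGroupsGuarded, addToGroupsDirect, handleMemberEditForm) is hypothetical and does not correspond to the framework's own API.

```php
<?php
declare(strict_types=1);

// Constructed sample data (hypothetical): group id => the permission codes it grants.
// Group 2 grants ADMIN, the one a non-admin editor must not be able to hand out.
const GROUPS = [
    1 => ['name' => 'Permission Editors', 'permissions' => ['EDIT_PERMISSIONS']],
    2 => ['name' => 'Administrators',     'permissions' => ['ADMIN']],
];

final class Member
{
    public string $name;
    /** @var int[] */
    public array $groupIds;

    public function __construct(string $name, array $groupIds = [])
    {
        $this->name = $name;
        $this->groupIds = $groupIds;
    }

    // A member holds a permission if any of their groups grants it; ADMIN grants everything.
    public function hasPermission(string $code): bool
    {
        foreach ($this->groupIds as $id) {
            $perms = GROUPS[$id]['permissions'] ?? [];
            if (in_array('ADMIN', $perms, true) || in_array($code, $perms, true)) {
                return true;
            }
        }
        return false;
    }
}

function groupGrantsAdmin(int $groupId): bool
{
    return in_array('ADMIN', GROUPS[$groupId]['permissions'] ?? [], true);
}

// Guarded relation (hypothetical): refuses to add $target to an ADMIN-granting
// group unless $actor already holds ADMIN. Returns the group ids it rejected.
function addToGroupsGuarded(Member $actor, Member $target, array $groupIds): array
{
    $rejected = [];
    foreach ($groupIds as $id) {
        if (groupGrantsAdmin($id) && !$actor->hasPermission('ADMIN')) {
            $rejected[] = $id;
            continue;
        }
        $target->groupIds[] = $id;
    }
    return array_values(array_unique($rejected));
}

// Unguarded relation (hypothetical): the analogue of a relation that carries no
// check. It stores whatever the form submitted, regardless of who submitted it.
function addToGroupsDirect(Member $target, array $groupIds): void
{
    foreach ($groupIds as $id) {
        $target->groupIds[] = $id;
    }
}

// Form handler. The EDIT_PERMISSIONS check alone is not enough: the outcome depends
// on which relation the submitted ids are written to.
function handleMemberEditForm(Member $actor, Member $target, array $submittedGroupIds, bool $useGuardedRelation): array
{
    if (!$actor->hasPermission('EDIT_PERMISSIONS')) {
        return ['ok' => false, 'rejected' => [], 'targetIsAdmin' => $target->hasPermission('ADMIN')];
    }
    $rejected = [];
    if ($useGuardedRelation) {
        $rejected = addToGroupsGuarded($actor, $target, $submittedGroupIds);
    } else {
        addToGroupsDirect($target, $submittedGroupIds);
    }
    return ['ok' => true, 'rejected' => $rejected, 'targetIsAdmin' => $target->hasPermission('ADMIN')];
}

// Constructed scenario: an editor who may edit permissions but is not ADMIN
// submits the form for their own record with the Administrators group selected.
$unguardedEditor = new Member('editor', [1]);
$viaDirect = handleMemberEditForm($unguardedEditor, $unguardedEditor, [2], false);
printf("unguarded relation: targetIsAdmin=%s rejected=[%s]\n",
    var_export($viaDirect['targetIsAdmin'], true), implode(',', $viaDirect['rejected']));

$guardedEditor = new Member('editor', [1]);
$viaGuarded = handleMemberEditForm($guardedEditor, $guardedEditor, [2], true);
printf("guarded relation:   targetIsAdmin=%s rejected=[%s]\n",
    var_export($viaGuarded['targetIsAdmin'], true), implode(',', $viaGuarded['rejected']));
```

Run with `php example.php`: the unguarded path leaves the editor holding ADMIN, the guarded path rejects group 2 and leaves their permissions unchanged. The point to take from it is that a privilege check attached to one relation protects nothing if a form writes through a different relation; the check belongs on every write path that can grant ADMIN, or the form must be built on the relation that enforces it, which is what the referenced fix commits address.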
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml
- github.com/advisories/GHSA-xpff-c35g-j3cr
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753
- github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5
- www.silverstripe.org/download/security-releases/ss-2018-001