GHSA-xpff-c35g-j3cr: silverstripe/framework Privilege Escalation Risk in Member Edit form
A member with the permission EDIT_PERMISSIONS and access to the “Security” section is able to re-assign themselves (or another member) to ADMIN level.
CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing privilege escalation.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml
- github.com/advisories/GHSA-xpff-c35g-j3cr
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753
- github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5
- www.silverstripe.org/download/security-releases/ss-2018-001
Code Behaviors & Features
Detect and mitigate GHSA-xpff-c35g-j3cr with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →