CVE-2017-12849
MEDIUM 5.3 | EPSS 0.39% | Silverstripe CMS User Enumeration
Published: 5/17/2022 | Modified: 2/16/2024
Also known as: GHSA-fwhr-g5r4-xgxf
Description
Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.
Affected packages (1)
- Packagist/silverstripe/cms: from 0, < 3.5.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |