silverstripeCMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12849)

Description

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.

Remediation

References

CVE-2017-12849

Related Vulnerabilities

Atlassian Jira Improper Authentication Vulnerability (CVE-2022-0540)

phpMyAdmin Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-11441)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Unspecified Vulnerability (5.0.12)

WordPress Plugin ELEX WooCommerce Google Shopping (Google Product Feed) Cross-Site Scripting (1.2.3)

WordPress Plugin GeoDirectory-WordPress Business Directory and Classified Ads Listings Cross-Site Scripting (1.4.4)

Severity

Medium

Classification

CVE-2017-12849 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N