Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2010-5080
Deferred
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-26 Aug, 2012 | 18:55
Updated At-11 Apr, 2025 | 00:51

The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Silverstripe
silverstripe
>>silverstripe>>2.3.0
cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.0
cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.0
cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.0
cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.1
cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.1
cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.1
cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.2
cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.3
cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.4
cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.5
cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.6
cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.7
cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.8
cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.3.9
cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.4.0
cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.4.1
cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.4.2
cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*
Silverstripe
silverstripe
>>silverstripe>>2.4.3
cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-255Primarynvd@nist.gov
CWE-352Primarynvd@nist.gov
CWE ID: CWE-255
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10secalert@redhat.com
N/A
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4secalert@redhat.com
N/A
http://open.silverstripe.org/changeset/114758secalert@redhat.com
N/A
http://secunia.com/advisories/42346secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2011/01/03/12secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/04/30/1secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/04/30/3secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/05/01/3secalert@redhat.com
N/A
http://www.osvdb.org/69887secalert@redhat.com
N/A
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10af854a3a-2127-422b-91ae-364da2661108
N/A
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4af854a3a-2127-422b-91ae-364da2661108
N/A
http://open.silverstripe.org/changeset/114758af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42346af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2011/01/03/12af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/04/30/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/04/30/3af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/05/01/3af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/69887af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://open.silverstripe.org/changeset/114758
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/42346
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2011/01/03/12
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/30/1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/30/3
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/01/3
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.osvdb.org/69887
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://open.silverstripe.org/changeset/114758
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42346
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2011/01/03/12
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/30/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/30/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/01/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/69887
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found