CVE-2023-32302

Rejected reason: Authoritative user requested CVE rejection https://github.com/github/advisory-database/pull/2575#issuecomment-1745811653

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

07 Nov 2023, 04:14

Type	Values Removed	Values Added
Summary	REJECT Authoritative user requested CVE rejection https://github.com/github/advisory-database/pull/2575#issuecomment-1745811653	Rejected reason: Authoritative user requested CVE rejection https://github.com/github/advisory-database/pull/2575#issuecomment-1745811653

04 Oct 2023, 18:15

Type	Values Removed	Values Added
Summary	Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.	REJECT Authoritative user requested CVE rejection https://github.com/github/advisory-database/pull/2575#issuecomment-1745811653
References	{'url': 'https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14', 'name': 'https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14', 'tags': ['Release Notes'], 'refsource': 'MISC'} {'url': 'https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3', 'name': 'https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3', 'tags': ['Exploit', 'Vendor Advisory'], 'refsource': 'MISC'} {'url': 'https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13', 'name': 'https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13', 'tags': ['Release Notes'], 'refsource': 'MISC'} {'url': 'https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4', 'name': 'https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4', 'tags': ['Patch'], 'refsource': 'MISC'}
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : unknown
CWE	~~CWE-20~~
CPE	cpe:2.3:a:silverstripe:framework::::::::

07 Aug 2023, 22:15

Type	Values Removed	Values Added
CWE	~~CWE-862~~	CWE-20

04 Aug 2023, 17:28

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-862
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
First Time		Silverstripe framework Silverstripe
CPE		cpe:2.3:a:silverstripe:framework::::::::
References	~~(MISC) https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14 -~~	(MISC) https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14 - Release Notes
References	~~(MISC) https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13 -~~	(MISC) https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13 - Release Notes
References	~~(MISC) https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4 -~~	(MISC) https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4 - Patch
References	~~(MISC) https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3 -~~	(MISC) https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3 - Exploit, Vendor Advisory

01 Aug 2023, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-01 11:15

Updated : 2024-04-16 18:27

NVD link : CVE-2023-32302

Mitre link : CVE-2023-32302

CVE.ORG link : CVE-2023-32302

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2023-32302

Attach tags to `CVE-2023-32302`