Title: SilverStripe sapphire/silverstripe_version Version Information Disclosure
Dec 11, 2010
Dec 10, 2010
SilverStripe contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the application stores the version information in the 'silverstripe_version' file with insecure permissions, allowing a remote attacker to view version information.
Remote / Network Access
Loss of Confidentiality
Upgrade to version 2.4.4-rc1 or 2.3.10-rc1 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.