GHSA-r3pr-fh25-wrfc:
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms

CVSS Score (v3.1): 6.5

Basic Information

CVE ID: -
EPSS Score: -
Published: 5/27/2024
Updated: 5/27/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name: silverstripe/framework
Ecosystem: composer
Vulnerable Versions: >= 4.0.0-rc1, < 4.0.1
First Patched Version: 4.0.1

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from password fields being pre-populated with actual credentials from environment variables. The patch introduced a $realPassword parameter to these functions to control password redaction. In vulnerable versions, these functions always returned raw environment values (SS_DATABASE_PASSWORD/SS_DEFAULT_ADMIN_PASSWORD) which were directly embedded in HTML form 'value' attributes. The functions' output was used in config-form.html rendering, making them the root cause of the disclosure. The commit modifies these exact functions to implement placeholder substitution, confirming their role in the vulnerability.
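
A check for the pattern described above, as an added example (not code from silverstripe/framework or from the advisory): it parses rendered form HTML and reports password inputs whose `value` attribute carries a non-placeholder string. The sample forms, the field names and the placeholder convention (a run of one repeated character) are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample markup; field names and values are illustrative only.
PREPOPULATED_FORM = """<form>
<input type="text" name="db[username]" value="ss_user">
<input type="password" name="db[password]" value="S3cr3t-db-pass">
<input type="PASSWORD" name="admin[password]" value="Adm1n-pass" />
</form>"""

REDACTED_FORM = """<form>
<input type="text" name="db[username]" value="ss_user">
<input type="password" name="db[password]" value="********">
<input type="password" name="admin[password]" value="">
</form>"""


class PasswordValueAudit(HTMLParser):
    """Collect password inputs rendered with a real-looking value."""

    def __init__(self):
        super().__init__()
        self.findings = []  # names of offending fields, in document order

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "input":
            return
        attr = {key: (val or "") for key, val in attrs}
        if attr.get("type", "").lower() != "password":
            return
        value = attr.get("value", "")
        if not value:
            return  # field is not pre-populated
        if len(set(value)) == 1:
            return  # assumed placeholder such as "********"
        self.findings.append(attr.get("name", "<unnamed>"))


def audit_password_fields(html):
    """Return the names of password fields whose value looks like a secret."""
    parser = PasswordValueAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run it against the saved source of an installer or settings page in a test environment; any field it reports should be rendered empty or with a fixed placeholder instead.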

WAF Protection Rules

WAF Rule

When accessing the `install.php` script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the `value` property of the password fields.
