Silverstripe Assets Module DBFile Permission Bypass Vulnerability

Vulnerability

A permission bypass vulnerability has been identified in the Silverstripe Assets Module, which is essential for the Silverstripe Framework. This issue affects versions of the module prior to 2.4.5 and those in the range of 3.0.0-rc1 to 3.1.2. The vulnerability arises because images accessed through 'DBFile::getURL()' or 'DBFile::getSourceURL()' improperly grant access rights to the current session, circumventing established file permissions. This flaw typically occurs when generating image variants using manipulation methods like 'ScaleWidth()' or 'Convert()'. Additionally, if 'DBFile' is used in the '$db' configuration of a 'DataObject' class that does not inherit from 'File', and the file visibility is set to 'protected', those files will require a specific access grant for retrieval. Developers preferring default accessibility without explicit grants should opt for 'public' visibility.
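As an added example (not code from the advisory or from the silverstripe/assets project), the following DataObject stores a DBFile in its $db configuration without inheriting from File, keeps the file protected, and issues a URL only after an explicit permission check and grant instead of relying on getURL() to grant access as a side effect. The class, field and permission names are hypothetical; the DBFile/AssetContainer method calls are from the silverstripe/assets API.

```php
<?php
// Added example; assumes silverstripe/assets 2.4.5 / 3.1.3 or later is installed.
// Class, field and permission code below are hypothetical.
namespace App\Model;

use SilverStripe\Assets\Storage\DBFile;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Permission;

// A DataObject that does NOT extend File but stores a DBFile in $db.
class Report extends DataObject
{
    private static $table_name = 'Report';

    private static $db = [
        'Title'   => 'Varchar',
        'Preview' => 'DBFile', // stored as a DBFile, not a File record
    ];

    // Only members with the hypothetical VIEW_REPORT permission may see a preview.
    public function canView($member = null)
    {
        return Permission::check('VIEW_REPORT', 'any', $member);
    }

    protected function onAfterWrite()
    {
        parent::onAfterWrite();
        /** @var DBFile $preview */
        $preview = $this->obj('Preview');
        // Keep the preview in the protected asset store; a grant is then
        // required before the current session can fetch it.
        if ($preview->exists() && $preview->getVisibility() !== 'protected') {
            $preview->protectFile();
        }
    }

    // Hand out a URL only after canView() passes, and grant access explicitly.
    public function getPreviewURL(): ?string
    {
        /** @var DBFile $preview */
        $preview = $this->obj('Preview');
        if (!$preview->exists() || !$this->canView()) {
            return null;
        }
        $preview->grantFile();
        // $grant = false: the grant above is the only one this code relies on.
        return $preview->getURL(false);
    }
}
```

Templates should call $Report.PreviewURL rather than $Report.Preview.URL so that the permission check is never skipped.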

Impact

Exploitation of this vulnerability allows unauthorized access to files by bypassing the normal permission checks, potentially leading to unauthorized exposure of sensitive data or files.

Remediation

Users can upgrade to Silverstripe Assets Module versions 2.4.5 or 3.1.3 to address this vulnerability.

Added: Apr 16, 2026, 6:34 PM
Updated: Apr 16, 2026, 6:34 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.3
exploitability: 8.3
remediation: 8.3
relevance: 6.0
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.