GHSA-xpff-c35g-j3cr: 
PHP vulnerability analysis and mitigation

A security vulnerability (GHSA-xpff-c35g-j3cr) was identified in the SilverStripe framework, known as 'Privilege Escalation Risk in Member Edit form'. The vulnerability was discovered in May 2018 and affected multiple versions of the framework (3.5.7-rc1 to 3.5.8, 3.6.0-rc1 to 3.6.6, 4.0.0-rc1 to 4.0.4, and 4.1.0-rc1 to 4.1.1). The issue was patched with the release of versions 3.5.8, 3.6.6, 4.0.4, and 4.1.1 (SilverStripe Advisory).

The vulnerability allowed members with EDIT_PERMISSIONS permission and access to the 'Security' section to escalate their privileges to ADMIN level. The technical issue stemmed from CMS Fields being constructed using DirectGroups instead of Groups relation, which bypassed the security logic designed to prevent privilege escalation. The vulnerability has been assigned a CVSS v3.1 score of 6.5 (Moderate severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (GitHub Advisory).

The vulnerability allowed unauthorized privilege escalation where users could re-assign themselves or other members to ADMIN level access, potentially compromising the system's security model. This could lead to unauthorized administrative access to the system (GitHub Advisory).

The vulnerability was fixed in SilverStripe framework versions 3.5.8, 3.6.6, 4.0.4, and 4.1.1. Users are advised to upgrade to these patched versions to prevent potential privilege escalation attacks (SilverStripe Advisory).