Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
References
Configurations
History
21 Nov 2024, 07:45
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58 - Patch | |
References | () https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm - Vendor Advisory |
04 May 2023, 19:52
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CPE | cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm - Vendor Advisory | |
References | (MISC) https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58 - Patch |
26 Apr 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-26 14:15
Updated : 2024-11-21 07:45
NVD link : CVE-2023-22728
Mitre link : CVE-2023-22728
CVE.ORG link : CVE-2023-22728
JSON object : View
Products Affected
silverstripe
- framework
CWE
CWE-862
Missing Authorization