Количество 2
Количество 2
CVE-2023-48714
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.
GHSA-qm2j-qvq3-j29v
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-48714 Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue. | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| GHSA-qm2j-qvq3-j29v Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу