Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. In versions through 4.12.4, 4.13.0-beta1 through 4.13.0-rc1, and 5.0.0-alpha1 through 5.0.0-rc1, the "GridField" print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorized to access.
CWE-862 - Missing Authorization
The missing authorization vulnerability occurs when a software program allows users to access privileged parts of the program without verifying the user credentials. Impact of such a vulnerability depends on the resources employed by the software, ranging from account takeover to sensitive information exposure, denial of service, and complete system takeover.