
Incorrect Permission Assignment for Critical Resource

CVE-2023-48714

Severity Medium
Score 4.3/10

Summary

Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. In versions 3.0.2.1 through 4.13.38 and 5.0.0-alpha1 through 5.1.10, if a user should not be able to see a record, but that record can be added to a "GridField" using the "GridFieldAddExistingAutocompleter" component, the record's title can be accessed by that user.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Advisory Timeline

  • Published