Incorrect Permission Assignment for Critical Resource
CVE-2023-48714
Summary
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. In versions 3.0.2.1 through 4.13.38 and 5.0.0-alpha1 through 5.1.10, if a user should not be able to see a record, but that record can be added to a "GridField" using the "GridFieldAddExistingAutocompleter" component, the record's title can be accessed by that user.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.