Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

CVE-2023-22728 - Missing permission check in GridFieldPrintButton

CVE-2023-22728 - Missing permission check in GridFieldPrintButton

Severity:
Medium (?)
Identifier:
CVE-2023-22728
Versions Affected:
silverstripe/framework: ^4.0.0
Versions Fixed:
silverstripe/framework: 4.12.5, 4.13.0
Release Date:
2023-04-26

The GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access.

Base CVSS: 4.3

Reported by: Stephan Bauer from relaxt Webdienstleistungsagentur GmbH