CVE-2023-28855

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28855
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28855.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-28855
Related
  • GHSA-52vv-hm4x-8584
Published
2023-04-05T18:15:08Z
Modified
2025-01-08T09:44:29.301030Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.

References

Affected packages

Git / github.com/pluginsglpi/fields

Affected ranges

Type
GIT
Repo
https://github.com/pluginsglpi/fields
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.85-beta-6
0.90-1.0
0.90-1.1
0.90-1.2
0.90-1.3

1.*

1.10.0
1.10.1
1.10.2
1.10.3
1.11.0
1.12.0
1.12.1
1.12.11
1.12.12
1.12.2
1.12.3
1.12.4
1.12.5
1.12.6
1.12.7
1.12.8
1.12.9
1.13.0
1.14.0
1.15.0
1.15.1
1.15.2
1.15.3
1.16.0
1.17.0
1.17.1
1.17.2
1.17.3
1.18.0
1.18.1
1.18.2
1.19.0
1.20.0
1.20.1
1.20.2
1.20.3
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.5.0
1.6.0
1.6.1
1.6.2
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0
1.8.1
1.8.2
1.9.0
1.9.1
1.9.2