CVE-2023-48714

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-48714

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48714.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-48714

Aliases

GHSA-qm2j-qvq3-j29v

Published

2024-01-23T13:49:27.350Z

Modified

2026-06-15T12:21:21.025988040Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter

Details

Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48714.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/silverstripe/silverstripe-framework

Affected ranges

Type

GIT

Repo

https://github.com/silverstripe/silverstripe-framework

Events

Introduced

Fixed

6fe377e69de4727ee2e594e12a4d314134b328ad

Introduced

f7a15519468502ce91b23fc1e6decd3bbb427a78

Fixed

312ee582923c6984591ac76602df70f2b89ae3d1

Database specific

{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.13.39"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.1.11"
        }
    ]
}

Affected versions

2.*

2.2.0-rc1

2.2.2-rc1

2.3.0-rc1

3.*

3.0.0-alpha1

3.0.0-alpha2

3.0.0-beta1

3.0.0-beta2

3.0.0-beta3

3.0.0-rc1

4.*

4.0.0-alpha1

4.0.0-alpha2

4.0.0-alpha3

4.0.0-alpha4

4.0.0-alpha6

4.0.0-alpha7

4.0.0-beta1

4.0.0-beta2

4.0.0-beta3

4.1.0-rc1

4.13.0

4.13.0-beta1

4.13.0-rc1

4.13.1

4.13.10

4.13.11

4.13.12

4.13.13

4.13.14

4.13.15

4.13.16

4.13.17

4.13.18

4.13.19

4.13.2

4.13.20

4.13.21

4.13.22

4.13.23

4.13.24

4.13.25

4.13.26

4.13.27

4.13.28

4.13.29

4.13.3

4.13.30

4.13.31

4.13.32

4.13.33

4.13.34

4.13.35

4.13.36

4.13.37

4.13.38

4.13.4

4.13.5

4.13.6

4.13.7

4.13.8

4.13.9

4.6.0-beta1

4.7.0-beta1

4.8.0-beta1

4.9.0-alpha1

4.9.0-beta1

5.*

5.0.0-alpha1

5.0.0-beta1

5.1.0

5.1.0-beta1

5.1.0-rc1

5.1.1

5.1.10

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.1.8

5.1.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48714.json"