Lucene search
Veracode Vulnerability DatabaseVERACODE:40462HistoryMay 10, 2023 - 6:41 a.m.
Missing Authorization
2023-05-1006:41:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
vulnerability
missing authorization
gridfieldprintbutton.php
data objects
sensitive information
security
EPSS
0.001
Percentile
29.6%
silverstripe/framework is vulnerable to Missing Authorization. The vulnerability exists due to missing authorization checks on the GridFieldPrintButton.php data objects, which allows an attacker to gain sensitive information.
References
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml
github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58
github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm
www.silverstripe.org/download/security-releases/cve-2023-22728
Related
github
github
Missing permission check of canView in GridFieldPrintButton
2023-04-26 19:47:07
nvd
nvd
CVE-2023-22728
2023-04-26 14:15:09
prion
prion
Design/Logic Flaw
2023-04-26 14:15:00
friendsofphp
friendsofphp
CVE-2023-22728 - Missing permission check in GridFieldPrintButton
2023-04-25 23:24:46
cve
cve
CVE-2023-22728
2023-04-26 14:15:09
osv
osv
CVE-2023-22728
2023-04-26 14:15:09
Missing permission check of canView in GridFieldPrintButton
2023-04-26 19:47:07
cvelist
cvelist