Improper Authorization Validation in Silverstripe Framework's GridField Print View

Improper Authorization Validation in Silverstripe Framework's GridField Print View

CVE-2023-22728 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.

Learn more about our Cis Benchmark Audit For Print Devices.