4 matches found
CVE-2023-28855
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...
CVE-2023-28855 Fields GLPI plugin vulnerable to unauthorized write access to additional fields
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...
CVE-2023-28855
CVE-2023-28855 concerns the GLPI plugin Fields , which allows users to add custom fields on GLPI items forms. The root cause is a lack of access-control validation, enabling any authenticated user to write data to any fields container, including those the user has no configured access to. This ca...
CVE-2023-28855 Fields GLPI plugin vulnerable to unauthorized write access to additional fields
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...