Lucene search
K

4 matches found

NVD
NVD
added 2023/04/05 6:15 p.m.12 views

CVE-2023-28855

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...

6.5CVSS6.4AI score0.00611EPSS
Exploits0References4
OSV
OSV
added 2023/04/05 5:48 p.m.17 views

CVE-2023-28855 Fields GLPI plugin vulnerable to unauthorized write access to additional fields

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...

6.5CVSS6.3AI score0.00611EPSS
Exploits0References6
CVE
CVE
added 2023/04/05 5:48 p.m.37 views

CVE-2023-28855

CVE-2023-28855 concerns the GLPI plugin Fields , which allows users to add custom fields on GLPI items forms. The root cause is a lack of access-control validation, enabling any authenticated user to write data to any fields container, including those the user has no configured access to. This ca...

6.5CVSS6.4AI score0.00611EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/04/05 5:48 p.m.16 views

CVE-2023-28855 Fields GLPI plugin vulnerable to unauthorized write access to additional fields

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...

6.5CVSS6.5AI score0.00611EPSS
Exploits0References4
Rows per page
Query Builder