4 matches found
CVE-2023-44401
The CVE-2023-44401 issue affects the Silverstripe GraphQL Server. In Silverstripe CMS versions 4.0.0–4.3.7 and 5.0.0–5.1.2, canView permission checks can be bypassed for ORM data in paginated GraphQL query results where total records exceed a page size (including queries with explicit limits). Th...
CVE-2023-44401 Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...
GHSA-JGPH-W8RH-XF5P View permissions are bypassed for paginated lists of ORM data
Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This ha...
CVE-2023-44401 View permissions are bypassed for paginated lists of ORM data in GraphQL queries
More info at https://www.silverstripe.org/download/security-releases/CVE-2023-44401...