Lucene search
+L

4 matches found

CVE
CVE
added 2024/01/23 1:8 p.m.81 views

CVE-2023-44401

The CVE-2023-44401 issue affects the Silverstripe GraphQL Server. In Silverstripe CMS versions 4.0.0–4.3.7 and 5.0.0–5.1.2, canView permission checks can be bypassed for ORM data in paginated GraphQL query results where total records exceed a page size (including queries with explicit limits). Th...

5.3CVSS5.1AI score0.00419EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/23 1:8 p.m.3 views

CVE-2023-44401 Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data

The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...

5.3CVSS5.1AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2024/01/23 12:49 p.m.40 views

GHSA-JGPH-W8RH-XF5P View permissions are bypassed for paginated lists of ORM data

Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This ha...

5.3CVSS5.1AI score0.00419EPSS
Exploits0References5
Friends Of PHP
Friends Of PHP
added 2024/01/22 11:19 p.m.23 views

CVE-2023-44401 View permissions are bypassed for paginated lists of ORM data in GraphQL queries

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-44401...

5.3CVSS7.2AI score0.00419EPSS
Exploits0Affected Software1
Rows per page
Query Builder