9 matches found
EUVD-2023-2540
Malicious code in bioql PyPI...
Improper Access Control
Directus is vulnerable to Improper Access Control. The vulnerability is due to improper evaluation of field-level access permissions when multiple overlapping update policies apply, allowing users to update a superset of fields rather than only those permitted for a specific item...
CVE-2023-37263 Strapi's field level permissions not being respected in relationship title
Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible...
CVE-2023-37263
CVE-2023-37263 affects Strapi (open-source headless CMS). The issue: field-level permissions are not respected in the relationship title, causing a field the user should not see to be visible when a relation includes that field. Impact is described as information disclosure under older releases. ...
Improper Authorization
@strapi/plugin-content-manager is vulnerable to Improper Authorization. The vulnerability is due to field-level permissions not being respected in the relationship title, as there are no RBAC permission checks to read the field in relations.js...
statTypes REST API exposes all statistics field names anonymously
On an instance with no anonymous access enabled, /rest/gadget/1.0/statTypes returns a list of all stattable custom field names and IDs in the instance in response to anonymous requests. This is a nasty exposure of data - admins have no way of knowing that private data shouldn't be put into custo...
[SECURITY] Fedora 15 Update: drupal7-field_permissions-1.0-0.2.beta2.fc15
The Field Permissions module is a drop-in replacement for the Content Permissions module shipped with CCK. It allows site administrators to set field-level permissions to edit or view CCK fields in any node, and optionally (new feature compared to Content Permissions module) edit field during node...
Fedora Update for drupal7-field_permissions FEDORA-2012-1390
Check for the Version of drupal7-fieldpermissions. OpenVAS Vulnerability Test. Fedora Update for drupal7-fieldpermissions FEDORA-2012-1390. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribut...
Permissions at field level
I would like to be able to limit what user roles are able to modify individual fields. For example, I only want to allow particular people (project managers) to be able to select a fix version in an issue. However, it seems that any user who can edit an issue, including the reporter, can set the...