4 matches found
GHSA-JH3W-6JP2-VQQM Missing permission check of canView in GridFieldPrintButton
The GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Upgrade to silverstripe/framework 4.12.5 or above to address the issue. Reported by Stephan Bauer from relaxt...
Missing permission check of canView in GridFieldPrintButton
The GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Upgrade to silverstripe/framework 4.12.5 or above to address the issue. Reported by Stephan Bauer from relaxt...
CVE-2023-22728 Silverstripe Framework has missing permission check of canView in GridFieldPrintButton
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorise...
CVE-2023-22728 - Missing permission check in GridFieldPrintButton
More info at https://www.silverstripe.org/download/security-releases/cve-2023-22728...