CVE-2023-48714: Exposure of Sensitive Information to an Unauthorized Actor
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a GridField
using the GridFieldAddExistingAutocompleter
component, the record’s title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.
References
Detect and mitigate CVE-2023-48714 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →