CVE-2023-48714

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 23, 2024

Updated: Feb 2, 2024

CWE ID 732

CWE ID 200

Summary

CVE-2023-48714 is a vulnerability affecting the Silverstripe Framework, the foundation of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, unauthorized users were able to access record titles of hidden records through the `GridFieldAddExistingAutocompleter` component. This issue could potentially lead to unintended information disclosure. Versions 4.13.39 and 5.1.11 have since been released to address this vulnerability, mitigating the risk for affected users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SilverStripe Framework

Affected Vendors

SilverStripe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tdCxis
https://www.cve.org/CVERecord?id=CVE-2023-48714
https://nvd.nist.gov/vuln/detail/CVE-2023-48714

Back to Vulnerability Database