CVE-2024-29885
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Jul 17, 2024
Updated: Jul 18, 2024
CWE ID 200
Summary
CVE-2024-29885 is a vulnerability in the silverstripe/reports module, an API for creating backend reports in the Silverstripe Framework. Users who have access to the reports admin section can open a report directly by its URL, bypassing the access control in the `canView()` method. The flaw is present in certain versions, and users should upgrade to version 5.2.3. There are no known workarounds for this issue, so all affected users must upgrade to mitigate the risk.
Affected Products
- Stimulsoft Reports