Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

CVE-2023-22728 - Missing permission check in GridFieldPrintButton

Medium (?)
Versions Affected:
silverstripe/framework: ^4.0.0
Versions Fixed:
silverstripe/framework: 4.12.5, 4.13.0
Release Date:

The GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access.

Base CVSS: 4.3

Reported by: Stephan Bauer from relaxt Webdienstleistungsagentur GmbH