Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d - Patch | |
References | () https://github.com/pluginsGLPI/fields/releases/tag/1.13.1 - Release Notes | |
References | () https://github.com/pluginsGLPI/fields/releases/tag/1.20.4 - Release Notes | |
References | () https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584 - Vendor Advisory |
Information
Published : 2023-04-05 18:15
Updated : 2024-11-21 07:56
NVD link : CVE-2023-28855
Mitre link : CVE-2023-28855
CVE.ORG link : CVE-2023-28855
JSON object : View
Products Affected
teclib-edition
- fields
CWE
CWE-269
Improper Privilege Management