Unrated severityNVD Advisory· Published Apr 5, 2023· Updated Feb 10, 2025
Fields GLPI plugin vulnerable to unauthorized write access to additional fields
CVE-2023-28855
Description
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2< 1.13.1, < 1.20.4+ 1 more
- (no CPE)range: < 1.13.1, < 1.20.4
- (no CPE)range: < 1.13.1
Patches
Vulnerability mechanics
References
4- github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205dmitrex_refsource_MISC
- github.com/pluginsGLPI/fields/releases/tag/1.13.1mitrex_refsource_MISC
- github.com/pluginsGLPI/fields/releases/tag/1.20.4mitrex_refsource_MISC
- github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.