VYPR
Moderate severityNVD Advisory· Published Jan 23, 2024· Updated Jun 17, 2025

Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter

CVE-2023-48714

Description

Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
silverstripe/frameworkPackagist
< 4.13.394.13.39
silverstripe/frameworkPackagist
>= 5.0.0, < 5.1.115.1.11

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.