Vulnerability Description
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teclib-Edition | Fields | < 1.13.1 |
Related Weaknesses (CWE)
References
- https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4cPatch
- https://github.com/pluginsGLPI/fields/releases/tag/1.13.1Release Notes
- https://github.com/pluginsGLPI/fields/releases/tag/1.20.4Release Notes
- https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584Vendor Advisory
- https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4cPatch
- https://github.com/pluginsGLPI/fields/releases/tag/1.13.1Release Notes
- https://github.com/pluginsGLPI/fields/releases/tag/1.20.4Release Notes
- https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584Vendor Advisory
FAQ
What is CVE-2023-28855?
CVE-2023-28855 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any...
How severe is CVE-2023-28855?
CVE-2023-28855 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28855?
Check the references section above for vendor advisories and patch information. Affected products include: Teclib-Edition Fields.