CVE-2023-28855
Published Apr 5, 2023
Last updated 2 years ago
Overview
- Description
- Fields is a GLPI plugin that allows users to add custom fields on GLPI item forms. Prior to versions 1.13.1 and 1.20.4, a missing access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:teclib-edition:fields:*:*:*:*:*:glpi:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89C87DD6-157A-4B3B-8C3D-F6AFC6FB2C3E",
            "versionEndExcluding": "1.13.1"
          },
          {
            "criteria": "cpe:2.3:a:teclib-edition:fields:*:*:*:*:*:glpi:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE8E4B2B-DB2A-4D0F-96AA-651FB7BEE330",
            "versionEndExcluding": "1.20.4",
            "versionStartIncluding": "1.20.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]