CVE-2023-44401

Summary

CVE-2023-44401 is a vulnerability that affects the Silverstripe CMS GraphQL Server. Specifically, versions 4.0.0 to 4.3.7 and 5.0.0 to 5.1.3 are vulnerable. The issue involves the bypassing of `canView` permission checks for ORM data in paginated GraphQL query results when the total number of records is greater than the number of records per page. This can even occur in GraphQL queries with a limit applied, potentially allowing unauthorized access to sensitive information. The vulnerability has been fixed in versions 4.3.7 and 5.1.3 by ensuring proper permission checks for each page of results, although this may result in some pages having fewer records than expected due to permission checks performed in PHP rather than in the database directly. Organizations using affected versions should update to the patched versions to mitigate the risk of unauthorized access to their Silverstripe CMS data. Note: The provided information is a hypothetical response based on the given data and does not represent an actual vulnerability or its remediation steps as it does not correspond to any real-world CVE or vulnerability description source text.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.