CVE-2023-44401

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 23, 2024
Updated: Jan 30, 2024
CWE ID 863

Summary

CVE-2023-44401 is a vulnerability that affects the Silverstripe CMS GraphQL Server. Specifically, versions 4.0.0 to 4.3.7 and 5.0.0 to 5.1.3 are vulnerable. The issue involves the bypassing of canView permission checks for ORM data in paginated GraphQL query results when the total number of records is greater than the number of records per page. This can even occur in GraphQL queries with a limit applied, potentially allowing unauthorized access to sensitive information. The vulnerability has been fixed in versions 4.3.7 and 5.1.3 by ensuring proper permission checks for each page of results, although this may result in some pages having fewer records than expected due to permission checks performed in PHP rather than in the database directly. Organizations using affected versions should update to the patched versions to mitigate the risk of unauthorized access to their Silverstripe CMS data.

Note: The provided information is a hypothetical response based on the given data and does not represent an actual vulnerability or its remediation steps as it does not correspond to any real-world CVE or vulnerability description source text.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-44401 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options