CVE-2023-49783

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 23, 2024
Updated: Feb 2, 2024
CWE ID 863

Summary

CVE-2023-49783 is a vulnerability affecting the Silverstripe Admin, specifically versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8. The vulnerability allows users with create permissions but without edit or delete permissions to still edit or delete records using the CSV import form in ModelAdmin. The likelihood of a user having create permissions but not edit or delete permissions is low, but it is possible. To remediate this vulnerability, users should update to versions 1.13.19 or 2.1.8, which contain a patch for the issue. Additionally, those who have a custom implementation of BulkLoader should update their implementations to respect permissions when the return value of getCheckPermissions() is true, and those who use any BulkLoader in their project logic should consider passing true to setCheckPermissions(). The potential danger this vulnerability poses to an organization is rated as medium severity with a base score of 4.3 out of 10 according to the CVSS score provided by security-advisories@github.com.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-49783 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options