Home > Vulnerability Database > CVE-2023-28855

Mend.io Vulnerability Database

CVE-2023-28855

Good to know:

Date: April 5, 2023

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.

Language: PHP

Severity Score

6.5

Related Resources (6)

Url: https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584

Url: https://github.com/pluginsGLPI/fields/releases/tag/1.13.1

Url: https://github.com/pluginsGLPI/fields/releases/tag/1.20.4

Url: https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28855

Url: https://www.mend.io/vulnerability-database/CVE-2023-28855

Severity Score

6.5

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version 1.13.1,1.20.4

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-28855

Good to know:

Date: April 5, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?