CVE-2024-29885

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-29885

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29885.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-29885

Aliases

GHSA-89q6-98xx-4ffw

Published

2024-07-17T20:15:05Z

Modified

2024-07-19T01:49:49.769891Z

Summary

[none]

Details

silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the canView() method for that report returns false. This issue has been addressed in version 5.2.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/silverstripe/silverstripe-reports

Affected ranges

Type: GIT
Repo: https://github.com/silverstripe/silverstripe-reports
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0351106c18ad4246d983b5f4e082c09c382121f4

Affected versions

1.*

1.1.0

3.*

3.2.0

3.2.0-beta1

3.2.0-beta2

3.2.0-rc1

3.2.0-rc2

3.2.1

3.2.1-rc1

3.2.1-rc2

3.2.2

3.2.2-rc1

3.2.2-rc2

3.2.3

3.2.3-rc1

3.2.3-rc2

3.2.4

3.2.4-rc1

3.2.5

3.2.5-rc1

3.2.5-rc2

3.2.6

3.3.0

3.3.0-beta1

3.3.0-rc1

3.3.0-rc2

3.3.0-rc3

3.3.1

3.3.1-rc1

3.3.1-rc2

3.3.2

3.3.2-rc1

3.3.3

3.3.3-rc1

3.3.3-rc2

3.3.4

3.4.0

3.4.0-rc1

3.4.1

3.4.1-rc1

3.4.1-rc2

3.4.2

3.4.3

3.4.3-rc1

3.4.4

3.4.4-rc1

3.4.5

3.4.5-rc1

3.4.6

3.4.6-rc1

3.4.6-rc2

3.5.0

3.5.0-rc1

3.5.0-rc2

3.5.0-rc3

3.5.1

3.5.1-rc1

3.5.1-rc2

3.5.2

3.5.2-rc1

3.5.3

3.5.3-rc1

3.5.4

3.5.4-rc1

3.5.5

3.5.5-beta1

3.5.5-beta2

3.5.6

3.5.6-rc1

3.5.7

3.5.8

3.5.8-rc1

3.6.0

3.6.0-beta1

3.6.0-beta2

3.6.0-rc1

3.6.1

3.6.1-alpha1

3.6.1-alpha2

3.6.2

3.6.2-beta1

3.6.2-beta2

3.6.3

3.6.3-rc2

3.6.4

3.6.5

3.6.6

3.6.6-rc1

3.6.7

4.*

4.0.0

4.0.0-alpha1

4.0.0-alpha2

4.0.0-alpha3

4.0.0-alpha4

4.0.0-alpha5

4.0.0-alpha6

4.0.0-alpha7

4.0.0-beta1

4.0.0-beta2

4.0.0-beta3

4.0.0-beta4

4.0.0-rc1

4.0.0-rc2

4.0.0-rc3

4.0.1

4.0.1-rc1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.1.0

4.1.0-rc1

4.1.0-rc2

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.10.0

4.10.0-beta1

4.10.0-rc1

4.11.0

4.11.0-beta1

4.11.0-rc1

4.12.0

4.12.0-beta1

4.12.0-rc1

4.13.0

4.13.0-beta1

4.13.0-rc1

4.13.1

4.13.2

4.13.3

4.13.4

4.13.5

4.2.0

4.2.0-beta1

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3.0

4.3.0-rc1

4.3.1

4.3.2

4.3.3

4.3.4

4.4.0

4.4.0-rc1

4.4.1

4.5.0

4.5.0-alpha1

4.5.0-rc1

4.5.0-rc2

4.5.1

4.6.0

4.6.0-beta1

4.6.0-rc1

4.7.0

4.7.0-beta1

4.7.0-rc1

4.8.0

4.8.0-beta1

4.8.0-rc1

4.9.0

4.9.0-beta1

4.9.0-rc1

5.*

5.0.0

5.0.0-alpha1

5.0.0-beta1

5.0.0-rc1

5.0.1

5.0.2

5.0.3

5.1.0

5.1.0-beta1

5.1.0-rc1

5.1.1

5.2.0

5.2.0-beta1

5.2.0-rc1

5.2.1

5.2.2