{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44401", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-28T17:56:32.615Z", "datePublished": "2024-01-23T13:08:34.055Z", "dateUpdated": "2024-08-02T20:07:32.920Z"}, "containers": {"cna": {"title": "Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p"}, {"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401", "tags": ["x_refsource_MISC"], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401"}], "affected": [{"vendor": "silverstripe", "product": "silverstripe-graphql", "versions": [{"version": ">= 4.0.0, < 4.3.7", "status": "affected"}, {"version": ">= 5.0.0, < 5.1.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-23T13:08:34.055Z"}, "descriptions": [{"lang": "en", "value": "The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn\u2019t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin."}], "source": {"advisory": "GHSA-jgph-w8rh-xf5p", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:07:32.920Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p"}, {"name": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D22C86-D9E5-47B2-BB57-7D0E77628ED7", "versionEndExcluding": "4.3.7", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0718F16-E23B-469B-B4FC-1CBA2E886DC3", "versionEndExcluding": "5.1.3", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn\u2019t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin."}, {"lang": "es", "value": "Silverstripe CMS GraphQL Server sirve datos de Silverstripe como representaciones GraphQL. En las versiones 4.0.0 anteriores a 4.3.7 y 5.0.0 anteriores a 5.1.3, las comprobaciones de permisos `canView` se omiten para datos ORM en resultados de consultas GraphQL paginados donde el n\u00famero total de registros es mayor que el n\u00famero de registros por p\u00e1gina. Tenga en cuenta que esto tambi\u00e9n afecta a las consultas GraphQL a las que se les aplica un l\u00edmite, incluso si la consulta no est\u00e1 paginada per se. Esto se solucion\u00f3 en las versiones 4.3.7 y 5.1.3 asegurando que no se extraigan nuevos registros de la base de datos despu\u00e9s de realizar comprobaciones de permisos \"canView\" para cada p\u00e1gina de resultados. Esto puede provocar que algunas p\u00e1ginas de los resultados de la consulta tengan menos del n\u00famero m\u00e1ximo de registros por p\u00e1gina, incluso cuando haya m\u00e1s p\u00e1ginas de resultados. Este comportamiento es consistente con c\u00f3mo funciona la paginaci\u00f3n en otras \u00e1reas de Silverstripe CMS, como en `GridField`, y es el resultado de tener que realizar comprobaciones de permisos en PHP en lugar de hacerlo directamente en la base de datos. Se pueden desactivar estas comprobaciones de permisos desactivando el complemento \"CanViewPermission\"."}], "id": "CVE-2023-44401", "lastModified": "2024-01-30T16:31:33.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-23T14:15:37.540", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}