silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for that report returns `false`. This issue has been addressed in version 5.2.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Thu, 04 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Silverstripe
Silverstripe reports
CPEs cpe:2.3:a:silverstripe:reports:*:*:*:*:*:silverstripe:*:*
Vendors & Products Silverstripe
Silverstripe reports

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T01:17:58.155Z

Reserved: 2024-03-21T15:12:08.997Z

Link: CVE-2024-29885

cve-icon Vulnrichment

Updated: 2024-08-02T01:17:58.155Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-17T20:15:05.603

Modified: 2025-09-04T14:56:24.503

Link: CVE-2024-29885

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.