diff --git a/silverstripe/admin/CVE-2023-49783.yaml b/silverstripe/admin/CVE-2023-49783.yaml
new file mode 100644
index 000000000..2a89c47ee
--- /dev/null
+++ b/silverstripe/admin/CVE-2023-49783.yaml
@@ -0,0 +1,11 @@
+title: "CVE-2023-49783 No permission checks for editing or deleting records with CSV import form"
+link: https://www.silverstripe.org/download/security-releases/CVE-2023-49783
+cve: CVE-2023-49783
+branches:
+ 1.13.x:
+ time: 2024-01-23 03:15:01
+ versions: ['>=1.0.0', '<1.13.19']
+ 2.1.x:
+ time: 2024-01-23 03:15:49
+ versions: ['>=2.0.0', '<2.1.8']
+reference: composer://silverstripe/admin
diff --git a/silverstripe/framework/CVE-2023-48714.yaml b/silverstripe/framework/CVE-2023-48714.yaml
new file mode 100644
index 000000000..a1db03f81
--- /dev/null
+++ b/silverstripe/framework/CVE-2023-48714.yaml
@@ -0,0 +1,11 @@
+title: "CVE-2023-48714 Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter"
+link: https://www.silverstripe.org/download/security-releases/CVE-2023-48714
+cve: CVE-2023-48714
+branches:
+ 4.13.x:
+ time: 2024-01-22 22:46:28
+ versions: ['>=4.0.0', '<4.13.39']
+ 5.1.x:
+ time: 2024-01-22 22:58:52
+ versions: ['>=5.0.0', '<5.1.11']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/graphql/CVE-2023-44401.yaml b/silverstripe/graphql/CVE-2023-44401.yaml
new file mode 100644
index 000000000..407ddba4d
--- /dev/null
+++ b/silverstripe/graphql/CVE-2023-44401.yaml
@@ -0,0 +1,11 @@
+title: "CVE-2023-44401 View permissions are bypassed for paginated lists of ORM data in GraphQL queries"
+link: https://www.silverstripe.org/download/security-releases/CVE-2023-44401
+cve: CVE-2023-44401
+branches:
+ 4.3.x:
+ time: 2024-01-22 23:19:50
+ versions: ['>=4.0.0', '<4.3.7']
+ 5.1.x:
+ time: 2024-01-22 23:26:08
+ versions: ['>=5.0.0', '<5.1.3']
+reference: composer://silverstripe/graphql