What is CVE-2023-28855?

CVE-2023-28855 is a medium-severity vulnerability in Pluginsglpi Fields, classified under Improper Privilege Management. CVSS score: 6.5/10. Published 2023-04-05.

How severe is CVE-2023-28855?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Privilege escalation in Pluginsglpi Fields

CVE-2023-28855

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to w…

Vulnerability class: Privilege Escalation

EPSS: 0.002 (45.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Pluginsglpi Fields — versions < 1.13.1, >= 1.20.0, < 1.20.4

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584 (x_refsource_CONFIRM)
https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d (x_refsource_MISC)
https://github.com/pluginsGLPI/fields/releases/tag/1.13.1 (x_refsource_MISC)
https://github.com/pluginsGLPI/fields/releases/tag/1.20.4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-28855?: CVE-2023-28855 is a medium-severity vulnerability in Pluginsglpi Fields, classified under Improper Privilege Management. CVSS score: 6.5/10. Published 2023-04-05.
How severe is CVE-2023-28855?: Medium severity. CVSS v3 base score is 6.5 out of 10.