cvedb.io
CVE-2023-28855
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2023-04-05T18:15:08.583 · Last modified 2026-06-17T05:48:55.453

Summary

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.

Affected products

teclib-edition — fields

Does this affect you?

Add your gear to cvedb and we'll alert you only when teclib-edition ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.