php · statamic/cmsHeads-up
statamic/cms: Authenticated users can view unauthorized resource metadata and content
An authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, g
What changed
An authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources.
Who it affects
All statamic/cms users with authenticated Control Panel users, especially those with restricted permissions.
What to do today
Upgrade to version 5.73.23 or 6.20.0 to fix the vulnerability.
The trail
Collected→
Audited→
Written→
Published