GHSA-2237-5r9w-vm8j: Connect-CMS information that is restricted to viewing is visible

February 7, 2025

Information that is restricted from viewing in the search results of site searches (※) can still be viewed via the main text (a feature added in v1.8.0).
Impact by version
v1.8.0 ~ v1.8.3: It will be displayed in the text.
v1.8.0 and earlier: It will not be displayed in the body of the text, but the title (frame name) will be displayed with a link.
Target viewing restriction function
Frame publishing function (private, limited publishing)
IP Restriction Page
Password setting page

References

github.com/advisories/GHSA-2237-5r9w-vm8j
github.com/opensource-workshop/connect-cms
github.com/opensource-workshop/connect-cms/security/advisories/GHSA-2237-5r9w-vm8j

Code Behaviors & Features

Detect and mitigate GHSA-2237-5r9w-vm8j with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →