Silverstripe · Silverstripe/Reports · CVE-2024-29885
**Name of the Vulnerable Software and Affected Versions**
silverstripe/reports versions prior to 5.2.3
**Description**
The issue allows reports to be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for that report returns `false`.
**Recommendations**
Upgrade to version 5.2.3 to resolve the issue. As a temporary workaround, consider restricting access to the reports admin section to minimize the risk of exploitation.
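
The access-control gap described above, modelled in standalone PHP as an added example (not code from silverstripe/reports; the interface, classes, user names and URL segment are hypothetical). The list view filters on `canView()`, and the direct-URL handler has to enforce the same check itself.

```php
<?php
// Added illustration; NOT silverstripe/reports code. All names are hypothetical.

interface Report
{
    public function title(): string;
    public function canView(string $user): bool;
}

final class PayrollReport implements Report
{
    public function title(): string { return 'Payroll'; }
    // Only the constructed user "finance" may view this report.
    public function canView(string $user): bool { return $user === 'finance'; }
}

final class ReportsAdmin
{
    /** @param array<string, Report> $reports keyed by URL segment */
    public function __construct(private array $reports) {}

    // Index page: filters by canView(), so a denied report is hidden from the list.
    public function index(string $user): array
    {
        return array_keys(array_filter($this->reports, fn (Report $r) => $r->canView($user)));
    }

    // Flawed pattern: resolves the report from the URL segment with no per-report check.
    public function showUnchecked(string $user, string $segment): array
    {
        $report = $this->reports[$segment] ?? null;
        return $report ? [200, $report->title()] : [404, 'Not found'];
    }

    // Corrected pattern: same lookup, but canView() is enforced before rendering.
    public function show(string $user, string $segment): array
    {
        $report = $this->reports[$segment] ?? null;
        if ($report === null) { return [404, 'Not found']; }
        if (!$report->canView($user)) { return [403, 'Forbidden']; }
        return [200, $report->title()];
    }
}

$admin = new ReportsAdmin(['payroll' => new PayrollReport()]);
foreach (['editor', 'finance'] as $user) { // both users have reports-admin access
    printf("%-8s list=%s unchecked=%d checked=%d\n", $user,
        json_encode($admin->index($user)),
        $admin->showUnchecked($user, 'payroll')[0],
        $admin->show($user, 'payroll')[0]);
}
```

A regression test for this class of bug requests a report's direct URL as a user for whom `canView()` is `false` and asserts a 403, rather than only checking that the report is absent from the list.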