Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1nMjdjLXcydjctODh4cM4AA3ux

Cross Site Request Forgery in Silverpeas

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

Permalink: https://github.com/advisories/GHSA-g27c-w2v7-88xp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nMjdjLXcydjctODh4cM4AA3ux
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 2 months ago
Updated: 2 months ago


CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-g27c-w2v7-88xp, CVE-2023-47322
References:

Affected Packages

maven:org.silverpeas.core:silverpeas-core-web
Versions: < 6.3.2
Fixed in: 6.3.2