Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1nMjdjLXcydjctODh4cM4AA3ux

Cross Site Request Forgery in Silverpeas

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator visits a malicious URL while authenticated to the Silverpeas application, the CSRF will execute, making the attacker an administrator user in the application.

Permalink: https://github.com/advisories/GHSA-g27c-w2v7-88xp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nMjdjLXcydjctODh4cM4AA3ux
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 5 months ago
Updated: 5 months ago


CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-g27c-w2v7-88xp, CVE-2023-47322
References: Repository: https://github.com/RhinoSecurityLabs/CVEs
Blast Radius: 1.0

Affected Packages

maven:org.silverpeas.core:silverpeas-core-web
Affected Version Ranges: < 6.3.2
Fixed in: 6.3.2