Skip to content

Broken access control in Silverpeas

Low severity GitHub Reviewed Published Dec 13, 2023 to the GitHub Advisory Database • Updated Dec 13, 2023

Package

maven org.silverpeas.core:silverpeas-core-war (Maven)

Affected versions

< 6.3.2

Patched versions

6.3.2
maven org.silverpeas.core:silverpeas-core-web (Maven)
< 6.3.2
6.3.2

Description

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.

References

Published by the National Vulnerability Database Dec 13, 2023
Published to the GitHub Advisory Database Dec 13, 2023
Reviewed Dec 13, 2023
Last updated Dec 13, 2023

Severity

Low

EPSS score

0.051%
(21st percentile)

Weaknesses

CVE ID

CVE-2023-47320

GHSA ID

GHSA-whgv-6j78-5rh2

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.