CVE-2023-47322 – org.silverpeas.core:silverpeas-core-web
Package
Manager: maven
Name: org.silverpeas.core:silverpeas-core-web
Vulnerable Version: >=0 <6.3.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00144 (percentile: 0.35217)
Details
Cross Site Request Forgery in Silverpeas
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator visits a malicious URL while authenticated to the Silverpeas application, the CSRF will execute, making the attacker an administrator user in the application.
Metadata
Created: 2023-12-13T15:30:58Z
Modified: 2023-12-15T22:10:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-g27c-w2v7-88xp/GHSA-g27c-w2v7-88xp.json
CWE IDs: ["CWE-352", "CWE-79"]
Alternative ID: GHSA-g27c-w2v7-88xp
Finding: F007
Auto approve: 1