Broken Access Control in Silverpeas Core 6.3.1 Allows Unauthorized Space Creation
CVE-2023-47327

4.3MEDIUM

Key Information:

Vendor: Silverpeas
Status: Silverpeas
Vendor: CVE Published:; 13 December 2023

What is CVE-2023-47327?

The 'Create a Space' feature in Silverpeas Core 6.3.1 is meant exclusively for administrators. However, due to flawed access control mechanisms, any authenticated user can exploit this vulnerability to create a space by simply navigating to the designated URL. This opens the door to potential misuse and misconfiguration within the application, making it critical for organizations using Silverpeas to address this issue promptly.

References

http://silverpeas.com

https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Nov 6, 2023