Broken Access Control in Silverpeas Core 6.3.1 Allows Unauthorized Space Creation
CVE-2023-47327

4.3MEDIUM

Key Information:

Vendor
Silverpeas
Status
Silverpeas
Vendor
CVE Published:
13 December 2023

Summary

The 'Create a Space' feature in Silverpeas Core 6.3.1 is meant exclusively for administrators. However, due to flawed access control mechanisms, any authenticated user can exploit this vulnerability to create a space by simply navigating to the designated URL. This opens the door to potential misuse and misconfiguration within the application, making it critical for organizations using Silverpeas to address this issue promptly.

References

http://silverpeas.com
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-47327 : Broken Access Control in Silverpeas Core 6.3.1 Allows Unauthorized Space Creation | SecurityVulnerability.io