Lucene search

[email protected]CVE-2023-47322

HistoryDec 13, 2023 - 2:15 p.m.

CVE-2023-47322

2023-12-1314:15:44

CWE-352

[email protected]

web.nvd.nist.gov

silverpeas

core

6.3.1

usermodify

csrf

vulnerability

privilege escalation

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

The “userModify” feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

Affected configurations

NVD

Node

silverpeassilverpeasRange<6.3.2

CPENameOperatorVersion
silverpeas:silverpeassilverpeaslt6.3.2

CPE	Name	Operator	Version
silverpeas:silverpeas	silverpeas	lt	6.3.2

References

silverpeas.com

github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Related for CVE-2023-47322

nvd1 osv2 prion1 cvelist1 github1