Lucene search
HistoryDec 13, 2023 - 2:15 p.m.
CVE-2023-47323
cve-2023-47323
silverpeas core
access control
security vulnerability
messaging
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
36.1%
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.
Affected configurations
Node
silverpeassilverpeasRange<6.3.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| silverpeas:silverpeas | silverpeas | lt | 6.3.2 |
Related
osv
osv
CVE-2023-47323
2023-12-13 14:15:44
Missing access control in Silverpeas
2023-12-13 15:30:58
nvd
nvd
CVE-2023-47323
2023-12-13 14:15:44
prion
prion
Privilege escalation
2023-12-13 14:15:00
github
github
Missing access control in Silverpeas
2023-12-13 15:30:58
cvelist
cvelist
CVE-2023-47323
2023-12-13 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
36.1%
Related for CVE-2023-47323