CVE-2023-47320: Broken access control in Silverpeas

December 13, 2023

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in “Maintenance Mode” due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.

References

silverpeas.com/
github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320
github.com/Silverpeas/Silverpeas-Core/commit/fcb4a9740b6c80859e435045b549290a82ae84a2
github.com/advisories/GHSA-whgv-6j78-5rh2
nvd.nist.gov/vuln/detail/CVE-2023-47320

Detect and mitigate CVE-2023-47320 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →