CVE-2024-42850: Silverpeas vulnerable to password complexity rule bypass

August 16, 2024 (updated August 19, 2024)

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

References

github.com/Silverpeas/Silverpeas-Core
github.com/advisories/GHSA-h6jq-w432-j26w
github.com/njmbb8/CVE-2024-42850
nvd.nist.gov/vuln/detail/CVE-2024-42850

Detect and mitigate CVE-2024-42850 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →