The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to administrators.
{ "versions": [ { "introduced": "0" }, { "fixed": "6.3.2" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47323.json"