GHSA-g27c-w2v7-88xp

Source

https://github.com/advisories/GHSA-g27c-w2v7-88xp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-g27c-w2v7-88xp/GHSA-g27c-w2v7-88xp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-g27c-w2v7-88xp

Aliases

CVE-2023-47322

Published

2023-12-13T15:30:58Z

Modified

2023-12-15T22:10:26Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Cross Site Request Forgery in Silverpeas

Details

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

Database specific

{
    "nvd_published_at": "2023-12-13T14:15:44Z",
    "github_reviewed_at": "2023-12-13T19:27:49Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-352",
        "CWE-79"
    ],
    "github_reviewed": true
}

References

Affected packages

Maven / org.silverpeas.core:silverpeas-core-web

Package

Name: org.silverpeas.core:silverpeas-core-web; View open source insights on deps.dev
Purl: pkg:maven/org.silverpeas.core/silverpeas-core-web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-g27c-w2v7-88xp/GHSA-g27c-w2v7-88xp.json"