GHSA-whgv-6j78-5rh2

Suggest an improvement
Source
https://github.com/advisories/GHSA-whgv-6j78-5rh2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-whgv-6j78-5rh2/GHSA-whgv-6j78-5rh2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-whgv-6j78-5rh2
Aliases
Published
2023-12-13T15:30:57Z
Modified
2023-12-13T19:56:37.693502Z
Summary
Broken access control in Silverpeas
Details

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.

References

Affected packages

Maven / org.silverpeas.core:silverpeas-core-war

Package

Name
org.silverpeas.core:silverpeas-core-war
View open source insights on deps.dev
Purl
pkg:maven/org.silverpeas.core/silverpeas-core-war

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.3.2

Maven / org.silverpeas.core:silverpeas-core-web

Package

Name
org.silverpeas.core:silverpeas-core-web
View open source insights on deps.dev
Purl
pkg:maven/org.silverpeas.core/silverpeas-core-web

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.3.2