PT-2023-30420 · Unknown · Silverpeas Core

Tyler Ramsbey

Publicado

2023-12-13

Atualizado

2023-12-18

CVE-2023-47327

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Silverpeas Core version 6.3.1

Description The issue is related to broken access control in the "Create a Space" feature, which is supposed to be reserved for administrators. However, any authenticated user can create a space by navigating to the correct URL.

Recommendations For Silverpeas Core version 6.3.1, consider restricting access to the "Create a Space" feature to only administrators until a patch is available. As a temporary workaround, limit the ability of non-administrative users to navigate to the specific URL that allows space creation.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2023-47327

GHSA-VPP3-HPCM-V944

Produtos afetados

Silverpeas Core

PT-2023-30420 · Unknown · Silverpeas Core

CVE-2023-47327

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10