PT-2023-30420 · Unknown · Silverpeas Core
Tyler Ramsbey · Published 2023-12-13 · Updated 2023-12-18
CVE-2023-47327
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Silverpeas Core version 6.3.1
Description
The issue is related to broken access control in the "Create a Space" feature, which is supposed to be reserved for administrators. However, any authenticated user can create a space by navigating to the correct URL.
Recommendations
For Silverpeas Core version 6.3.1, consider restricting access to the "Create a Space" feature to only administrators until a patch is available. As a temporary workaround, limit the ability of non-administrative users to navigate to the specific URL that allows space creation.
Exploit
Fix
Improper Access Control
Affected Products
Silverpeas Core