CVE-2023-47320

描述

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.

受影響套件(2)

• Maven/org.silverpeas.core:silverpeas-core-warfrom 0, < 6.3.2
• Maven/org.silverpeas.core:silverpeas-core-webfrom 0, < 6.3.2

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-47320
• PATCHhttps://github.com/Silverpeas/Silverpeas-Core
• WEBhttps://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320
• WEBhttps://github.com/Silverpeas/Silverpeas-Core/commit/fcb4a9740b6c80859e435045b549290a82ae84a2
• WEBhttp://silverpeas.com