CVE-2023-47322: Cross-Site Request Forgery (CSRF)

December 13, 2023

The “userModify” feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

References

silverpeas.com/
github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322
github.com/advisories/GHSA-g27c-w2v7-88xp
nvd.nist.gov/vuln/detail/CVE-2023-47322

Code Behaviors & Features

Detect and mitigate CVE-2023-47322 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →