CVE-2023-47322 — Cross Site Request Forgery in Silverpeas

Description

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

How to fix CVE-2023-47322

To remediate CVE-2023-47322, upgrade the affected package to a fixed version below.

—upgrade to 6.3.2 or later

Is CVE-2023-47322 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 6.3.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-47322
PATCHgithub.com/Silverpeas/Silverpeas-Core
WEBgithub.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322
WEBsilverpeas.com