Описание
Cross Site Request Forgery in Silverpeas
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.
Пакеты
Наименование
org.silverpeas.core:silverpeas-core-web
maven
Затронутые версииВерсия исправления
< 6.3.2
6.3.2
Связанные уязвимости
CVSS3: 8.8
nvd
около 2 лет назад
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.