Commit

Merge pull request #10 from TeneBrae93/master
Silverpeas Title Updates & Blog Post
DaveYesland authored Dec 13, 2023
2 parents 8e58c8f + 526940a commit 5a9b5b5
Showing 8 changed files with 16 additions and 16 deletions.
4 changes: 2 additions & 2 deletions CVE-2023-47320/README.md
@@ -1,11 +1,11 @@
# CVE-2023-47320: Denial of Service via Broken Access Control in Silverpeas Core
# CVE-2023-47320: Silverpeas Core Denial of Service via Broken Access Control

## Information
**Description:** This allows denial-of-service by a low privileged user affecting the Silverpeas Core application. <br>
**Versions Affected:** < 6.3.1 <br>
**Version Fixed:** 6.3.2 <br>
**Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
**Disclosure Link:** https://rhinosecuritylabs.com/blog/
**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320

## Proof-of-Concept Exploit
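Review bot: The new Disclosure Link line has no trailing `<br>`, and neither does the Researcher line above it, while the Description and version lines all end in `<br>`. Unless those lines carry trailing spaces that are not visible here, Researcher, Disclosure Link and NIST CVE Link will render as one run-on paragraph line. Suggest ending both lines with `<br>` to match the rest of the Information block. Separately, "Versions Affected: < 6.3.1" next to "Version Fixed: 6.3.2" leaves the status of 6.3.1 unstated; worth clarifying while this block is being edited.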
4 changes: 2 additions & 2 deletions CVE-2023-47321/README.md
@@ -1,11 +1,11 @@
# CVE-2023-47321: Portlet Deployer Access via Broken Access Control in Silverpeas Core
# CVE-2023-47321: Silverpeas Core Portlet Deployer Access via Broken Access Control

## Information
**Description:** This allows low privileged users to access the Portlet Deployment tool. <br>
**Versions Affected:** < 6.3.1 <br>
**Version Fixed:** 6.3.2 <br>
**Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
**Disclosure Link:** https://rhinosecuritylabs.com/blog/
**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320

## Proof-of-Concept Exploit
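Review bot: The NIST CVE Link line, left unchanged directly below the updated Disclosure Link, still points to https://nvd.nist.gov/vuln/detail/CVE-2023-47320 although this README is for CVE-2023-47321. Since the commit is already correcting links in this block, change the identifier at the end of that URL to CVE-2023-47321 so readers land on the matching NVD record.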
4 changes: 2 additions & 2 deletions CVE-2023-47322/README.md
@@ -1,11 +1,11 @@
# CVE-2023-47322: CSRF Leading to Privilege Escalation in Silverpeas Core
# CVE-2023-47322: Silverpeas Core CSRF Leading to Privilege Escalation

## Information
**Description:** The "userModify" request is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. <br>
**Versions Affected:** < 6.3.1 <br>
**Version Fixed:** 6.3.2 <br>
**Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
**Disclosure Link:** https://rhinosecuritylabs.com/blog/
**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320

## Proof-of-Concept Exploit
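Review bot: The unchanged NIST CVE Link line in this README references CVE-2023-47320, but the title and the directory are CVE-2023-47322. The link should end in CVE-2023-47322; as written, anyone following it from the CSRF write-up reaches the record for the denial-of-service issue instead.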
4 changes: 2 additions & 2 deletions CVE-2023-47323/README.md
@@ -1,11 +1,11 @@
# CVE-2023-47323: Broken Access Control Allows Reading All Messages in Silverpeas Core
# CVE-2023-47323: Silverpeas Core Broken Access Control Allows Reading All Messages

## Information
**Description:** The notification/messaging feature does not enforce access control on the ID parameter, allowing any user to read all messages (including admin-only messages). <br>
**Versions Affected:** < 6.3.1 <br>
**Version Fixed:** 6.3.2 <br>
**Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
**Disclosure Link:** https://rhinosecuritylabs.com/blog/
**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320

## Proof-of-Concept Exploit
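Review bot: The NIST CVE Link context line under the new Disclosure Link still ends in CVE-2023-47320, while this file documents CVE-2023-47323. Update the URL to end in CVE-2023-47323 in the same change so the README's two reference links are both correct.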
4 changes: 2 additions & 2 deletions CVE-2023-47324/README.md
@@ -1,11 +1,11 @@
# CVE-2023-47324: Stored XSS in Messages affecting Silverpeas Core
# CVE-2023-47324: Silverpeas Core Stored XSS in Messages

## Information
**Description:** The messaging feature of Silverpeas Core is vulnerable to Stored Cross-Site Scripting (XSS). <br>
**Versions Affected:** < 6.3.1 <br>
**Version Fixed:** 6.3.2 <br>
**Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
**Disclosure Link:** https://rhinosecuritylabs.com/blog/
**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320

## Proof-of-Concept Exploit
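Review bot: The NIST CVE Link line is untouched by this hunk and points to CVE-2023-47320, not to CVE-2023-47324 as the title states. Replace the trailing identifier with CVE-2023-47324; a stored XSS advisory that links to a different CVE record makes triage and patch tracking harder for anyone consuming this README.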
4 changes: 2 additions & 2 deletions CVE-2023-47325/README.md
@@ -1,11 +1,11 @@
# CVE-2023-47325: Broken Access Control on the "Bin" Allows Modification of Deleted Spaces in Silverpeas Core
# CVE-2023-47325: Silverpeas Core Broken Access Control on the "Bin" Allows Modification of Deleted Spaces

## Information
**Description:** Broken Access Control on the "Bin" allows low privileged users to access and modify deleted spaces in Silverpeas Core. <br>
**Versions Affected:** < 6.3.1 <br>
**Version Fixed:** 6.3.2 <br>
**Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
**Disclosure Link:** https://rhinosecuritylabs.com/blog/
**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320

## Proof-of-Concept Exploit
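Review bot: The NIST CVE Link line following the changed Disclosure Link carries the identifier CVE-2023-47320, which does not match this README's CVE-2023-47325. Suggest correcting the URL to end in CVE-2023-47325 alongside the disclosure link update.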
4 changes: 2 additions & 2 deletions CVE-2023-47326/README.md
@@ -1,11 +1,11 @@
# CVE-2023-47326: Domain Creation is vulnerable to CSRF in Silverpeas Core
# CVE-2023-47326: Silverpeas Core Domain Creation is vulnerable to CSRF

## Information
**Description:** Silverpeas Core is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. <br>
**Versions Affected:** < 6.3.1 <br>
**Version Fixed:** 6.3.2 <br>
**Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
**Disclosure Link:** https://rhinosecuritylabs.com/blog/
**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320

## Proof-of-Concept Exploit
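Review bot: The NIST CVE Link context line here still reads https://nvd.nist.gov/vuln/detail/CVE-2023-47320, whereas the file is the README for CVE-2023-47326. The identifier in that URL should be CVE-2023-47326. The retitled heading also keeps the lowercase "is vulnerable to" while the other retitled headings use title case throughout; consider "Silverpeas Core Domain Creation Vulnerable to CSRF" for consistency.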
4 changes: 2 additions & 2 deletions CVE-2023-47327/README.md
@@ -1,11 +1,11 @@
# CVE-2023-47327: The Space Create Function in Silverpeas Core is vulnerable to Broken Access Control
# CVE-2023-47327: Silverpeas Core Space Create Function is vulnerable to Broken Access Control

## Information
**Description:** The "create a space" feature in Silverpeas Core suffers from broken access control, allowing any user to create a space regardless of permissions. <br>
**Versions Affected:** < 6.3.1 <br>
**Version Fixed:** 6.3.2 <br>
**Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
**Disclosure Link:** https://rhinosecuritylabs.com/blog/
**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320

## Proof-of-Concept Exploit
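Review bot: The NIST CVE Link line below the updated Disclosure Link points to CVE-2023-47320 instead of CVE-2023-47327, the CVE this README covers. Change the end of the URL to CVE-2023-47327. This is the last of the READMEs in this commit with the copied 47320 link, so a quick search for that identifier across the CVE-2023-4732x directories before merging would catch any others.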