CVE-2023-47325: Silverpeas Core Broken Access Control on the "Bin" Allows Modification of Deleted Spaces
Description: Broken Access Control on the "Bin" allows low privileged users to access and modify deleted spaces in Silverpeas Core.
Versions Affected: < 6.3.1
Version Fixed: 6.3.2
Researcher: Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
Disclosure Link: https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2023-47320
The administrative "Bin" feature in Silverpeas Core 6.3.1 is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.
To exploit this vulnerability, an authenticated user needs to navigate directly to this URL: http://localhost:8080/silverpeas/RjobStartPagePeas/jsp/ViewBin. The bin renders successfully, revealing all deleted spaces. The low privileged user can then restore or permanently delete the spaces.
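A defender-side check for this issue, added here and not part of the advisory or of Silverpeas: it scans web-server access logs for successful requests to the bin URL above made by accounts that are not space administrators. It assumes the reverse proxy in front of Silverpeas writes the logged-in account into the remote-user field of common/combined log format (if it does not, correlate by session or source address instead); the log lines and the admin list are constructed.

```python
import re

# Path of the administrative bin view named in the advisory. Only space
# administrators should ever request it; on a vulnerable build any other
# account getting a 200 here has reached the bin.
BIN_PATH = "/silverpeas/RjobStartPagePeas/jsp/ViewBin"

# Common/combined log format: host ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one access-log line; return a dict or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["path"] = entry["path"].split("?", 1)[0]  # drop any query string
    return entry


def find_bin_access(lines, admin_users):
    """Return entries where a non-admin account successfully loaded the bin.

    Redirects to the login page and 403s are the expected outcome and are
    ignored; only 200 responses count as the bin actually rendering.
    """
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry["path"] != BIN_PATH:
            continue
        if entry["status"] != 200 or entry["user"] in admin_users:
            continue
        hits.append(entry)
    return hits


# Constructed sample log: "admin" is a space administrator, "bob" is not.
SAMPLE_LOG = [
    '10.0.0.5 - admin [10/Nov/2023:14:02:11 +0000] "GET /silverpeas/RjobStartPagePeas/jsp/ViewBin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - bob [10/Nov/2023:14:05:43 +0000] "GET /silverpeas/RjobStartPagePeas/jsp/ViewBin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - bob [10/Nov/2023:14:05:50 +0000] "GET /silverpeas/RjobStartPagePeas/jsp/ViewBin?sort=date HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.12 - - [10/Nov/2023:14:06:01 +0000] "GET /silverpeas/RjobStartPagePeas/jsp/ViewBin HTTP/1.1" 302 0 "-" "curl/8.0"',
    '10.0.0.9 - bob [10/Nov/2023:14:06:30 +0000] "GET /silverpeas/Main/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    "not a log line",
]

if __name__ == "__main__":
    for hit in find_bin_access(SAMPLE_LOG, admin_users={"admin"}):
        print(f'{hit["time"]} {hit["user"]}@{hit["host"]} loaded the bin')
```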