{"id":"CVE-2023-47323","details":"The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to administrators.","aliases":["GHSA-cwh6-hm53-6w2m"],"modified":"2026-04-12T09:35:20.192506Z","published":"2023-12-13T14:15:44.293Z","references":[{"type":"WEB","url":"http://silverpeas.com"},{"type":"EVIDENCE","url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47323"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/silverpeas/silverpeas-core","events":[{"introduced":"0"},{"fixed":"be7d7d580572c31f28e80e84dc3813c4ae6f6bd2"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"6.3.2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:silverpeas:silverpeas:*:*:*:*:*:*:*:*"}}],"versions":["6.0-alpha1","6.0-alpha2","6.0-alpha3","6.0-beta1","6.0-rc1","6.0-rc2","6.0-rc3","6.3","core-5.11","core-5.12","core-5.6","core-5.7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-47323.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}