CVE-2023-47321
Description
Silverpeas Core 6.3.1 contains an incorrect access control vulnerability in the Portlet Deployer component, allowing administrators to deploy arbitrary .WAR portlets without proper authorization checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview
CVE-2023-47321 is an incorrect access control vulnerability found in Silverpeas Core version 6.3.1. The root cause lies in the "Portlet Deployer" mechanism, which fails to enforce proper authorization checks when administrators deploy .WAR portlets. This flaw allows users with administrative privileges to deploy arbitrary portlet files without adequate restrictions, potentially bypassing security policies intended to control which components can be added to the platform [1][2].
Attack Vector and Prerequisites
To exploit this vulnerability, an attacker must first obtain administrative credentials or a session with administrative privileges on the Silverpeas instance. The attacker can then use the Portlet Deployer functionality to upload and deploy a malicious .WAR file. The attack can be carried out remotely, since Silverpeas is a web-based collaborative platform. The key weakness that enables the attack is the absence of input validation and access control checks on the portlet deployment process [2][3].
Impact
Successful exploitation allows an administrator (or an attacker who has compromised an admin account) to deploy unauthorized portlets. This could lead to the execution of arbitrary code within the application server's context, data theft, or full compromise of the Silverpeas server. Since portlets can contain Java code and are executed within the server, this vulnerability poses a critical risk to the confidentiality, integrity, and availability of the affected system [2][3].
Mitigation Status
As of the publication date (December 2023), no official patch has been released for this vulnerability in the public advisories. The vendor (Silverpeas) has been notified, and affected users should monitor for updates or restrict access to the Portlet Deployer functionality for untrusted administrators. Given that the vulnerability has been publicly disclosed with a proof-of-concept, immediate mitigation is recommended [2][3].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.silverpeas.core:silverpeas-core-web | Maven | < 6.3.2 | 6.3.2 |
Affected products
- Silverpeas/Core
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing access control check on the Portlet Deployer endpoint allows any authenticated user to access functionality intended only for administrators."
Attack vector
An authenticated low-privileged user can exploit this vulnerability by navigating directly to the URL `/silverpeas/portletDeployer` [ref_id=1]. The application does not enforce an authorization check on this endpoint, so the server processes the request regardless of the user's role. A non-administrative user can therefore reach the Portlet Deployment tool, which is designed for administrators to deploy .WAR portlets [CWE-284]. The attack requires only a valid session cookie and knowledge of the endpoint path; no special payload or crafted request body is needed.
Affected code
The vulnerable endpoint is the Portlet Deployer, accessible at the URL path `/silverpeas/portletDeployer` [ref_id=1]. The advisory does not specify the exact source file or function name responsible for handling this endpoint.
What the fix does
The advisory states that the vulnerability is fixed in Silverpeas Core version 6.3.2 [ref_id=1]. No patch diff is provided in the bundle, but the remediation would involve adding a server-side access control check (e.g., role-based authorization) to the Portlet Deployer endpoint so that only users with administrative privileges can reach it; hiding the link in the administration UI is not sufficient, because the endpoint is reachable by URL. The advisory does not specify the exact code changes made.
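One way to implement the kind of check described above, as an added example and not Silverpeas' own fix: a servlet filter mapped to the Portlet Deployer path that rejects any request whose session is not authenticated with the administrator role. The filter name, the role name `admin`, and the use of container-managed security (`getUserPrincipal`/`isUserInRole`) are assumptions for illustration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Guards the Portlet Deployer so that only authenticated administrators reach it.
 * Hypothetical example: the path pattern and the "admin" role name are assumptions,
 * not Silverpeas' actual configuration.
 */
@WebFilter(urlPatterns = {"/portletDeployer", "/portletDeployer/*"})
public class PortletDeployerAuthzFilter implements Filter {

    static final String ADMIN_ROLE = "admin"; // assumed role name

    /** Pure policy decision, kept separate so it can be unit-tested without a container. */
    static boolean isAllowed(boolean authenticated, boolean isAdmin) {
        return authenticated && isAdmin;
    }

    @Override
    public void init(FilterConfig filterConfig) { /* no configuration needed */ }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        boolean authenticated = request.getUserPrincipal() != null;
        boolean isAdmin = request.isUserInRole(ADMIN_ROLE);

        if (!isAllowed(authenticated, isAdmin)) {
            // Fail closed: unauthenticated callers get 401, authenticated non-admins 403.
            // The deployer servlet never runs in either case.
            response.sendError(authenticated ? HttpServletResponse.SC_FORBIDDEN
                                             : HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res); // administrator: hand the request to the deployer
    }

    @Override
    public void destroy() { /* nothing to release */ }
}
```

Because the decision is made in the filter chain before the deployer servlet executes, a direct request to the URL is blocked even when no UI link to the tool is shown.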
Preconditions
- auth: Attacker must be an authenticated user of the Silverpeas application.
- network: Attacker must have network access to the Silverpeas server (e.g., http://localhost:8080/silverpeas/).
- input: No special payload required; attacker simply navigates to the Portlet Deployer URL.
Reproduction
1. Log in to Silverpeas Core 6.3.1 as a low-privileged (non-administrator) user.
2. Navigate directly to `http://localhost:8080/silverpeas/portletDeployer` in a web browser [ref_id=1].
3. Observe that the Portlet Deployment tool is accessible, allowing the user to deploy .WAR portlets despite lacking administrative privileges.
Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.