{"id":"CVE-2024-36042","details":"Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.","aliases":["GHSA-4w54-wwc9-x62c"],"modified":"2026-03-14T12:34:12.984240Z","published":"2024-06-03T06:15:09.293Z","references":[{"type":"WEB","url":"https://github.com/Silverpeas/Silverpeas-Core/tags"},{"type":"WEB","url":"https://silverpeas.org/"},{"type":"EVIDENCE","url":"https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/silverpeas/silverpeas-core","events":[{"introduced":"0"},{"fixed":"3e2a80b0d8a1f75c497dce2f1be4e91e8f19ecfd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.3.5"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36042.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}