PT-2023-20199 · Apache · Apache Sling

Published: 2023-02-23 · Updated: 2025-03-18 · CVE-2023-25621

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apache Sling versions prior to 2.6.2
Description: A privilege escalation issue exists in the i18n module of Apache Sling: any content author can create i18n dictionaries in the repository at a location they have write access to. Because these translations are used across the whole product, such an author can change any text or dialog in the product. For example, an attacker could mislead users by relabelling a delete button as "Info".
Recommendations: Update to version 2.6.2 or higher, check the configuration for resource loading, and adjust the access permissions for the configured path accordingly.
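As an added defender's check (not code from this advisory or from the Apache Sling project), the script below audits where i18n dictionaries live in the repository. It assumes Sling's standard i18n node convention (nodes carrying the mix:language mixin with a jcr:language property and an optional sling:basename), a trusted-path list that is purely an illustrative assumption, and constructed sample records standing in for a real query result.

```python
"""Audit Sling i18n dictionary locations (added example, not part of the advisory).

Sling i18n assembles resource bundles from JCR nodes with the mix:language
mixin (jcr:language, optional sling:basename).  Before the 2.6.2 fix, any
author with write access could add such a node under, e.g., /content and have
it merged into the product-wide bundle.  This script takes the records a
JCR-SQL2 query over those nodes would return and flags dictionaries outside
the paths an administrator trusts, plus those that merge into a trusted bundle.
"""
from dataclasses import dataclass

# Assumption for illustration: product dictionaries are expected only here.
TRUSTED_PREFIXES = ("/libs/", "/apps/")

# JCR-SQL2 query an administrator would run via the JCR query API to
# enumerate every dictionary node in the repository.
DICTIONARY_QUERY = "SELECT * FROM [mix:language] AS d"


@dataclass(frozen=True)
class Dictionary:
    path: str
    language: str          # value of jcr:language
    basename: str = ""     # value of sling:basename; empty = default bundle


def is_trusted(path: str) -> bool:
    return any(path.startswith(prefix) for prefix in TRUSTED_PREFIXES)


def audit(dictionaries):
    """Return (untrusted, overriding) lists.

    untrusted: dictionaries stored outside TRUSTED_PREFIXES.
    overriding: untrusted dictionaries whose (language, basename) matches a
                trusted one, so their keys merge into the product's bundle.
    """
    trusted_keys = {(d.language, d.basename) for d in dictionaries if is_trusted(d.path)}
    untrusted = [d for d in dictionaries if not is_trusted(d.path)]
    overriding = [d for d in untrusted if (d.language, d.basename) in trusted_keys]
    return untrusted, overriding


# Constructed sample of what the query might return (not real repository data).
SAMPLE = [
    Dictionary("/libs/example/i18n/en", "en"),
    Dictionary("/apps/example/i18n/de", "de", "com.example.ui"),
    Dictionary("/content/site/jcr:content/i18n/en", "en"),   # author-writable
    Dictionary("/content/site/other/fr", "fr", "com.example.x"),
]

if __name__ == "__main__":
    untrusted, overriding = audit(SAMPLE)
    for d in untrusted:
        tag = "MERGES INTO TRUSTED BUNDLE" if d in overriding else "outside trusted paths"
        print(f"{d.path} ({d.language}, {d.basename or 'default'}): {tag}")
```

Run it against the real output of DICTIONARY_QUERY after updating to 2.6.2 to confirm that no author-writable location still feeds the product bundle.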

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2023-25621
GHSA-MRPV-5PMR-P92H

Affected Products

Apache Sling