PT-2023-22205 · Xwiki · Xwiki Commons

Tmortagne

Publicado

2023-04-12

Atualizado

2023-04-25

CVE-2023-29208

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions XWiki Commons versions prior to 14.10

Description The issue concerns rights added to a document not being taken into account for viewing it once it's deleted. This specifically impacts deleted documents that contained view rights. However, view rights provided on a space of a deleted document are properly checked. The problem has been resolved by checking the rights of the current user, allowing only admins and the deleter of the document to view it.

Recommendations For versions prior to 14.10, update to XWiki 14.10 to resolve the issue by implementing the patch that checks the rights of the current user, restricting viewing of deleted documents to admins and the document's deleter.

Exploit

Correção

Exposure of Resource to Wrong Sphere

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-668

Identificadores relacionados

CVE-2023-29208

GHSA-4F8G-FQ6X-JQRR

Produtos afetados

Xwiki Commons

PT-2023-22205 · Xwiki · Xwiki Commons

CVE-2023-29208

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10