PT-2021-19812 · Xwiki · Xwiki Platform
Ilie Andriuta · Published 2021-05-18 · Updated 2022-08-05 · CVE-2021-32620
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
XWiki Platform versions prior to 11.10.13
XWiki Platform versions prior to 12.6.7
XWiki Platform versions prior to 12.10.2
Description
A user disabled on a wiki using email verification for registration can re-activate themselves by using the activation link provided for their registration.
Recommendations
For versions prior to 11.10.13, update to version 11.10.13 or later.
For versions prior to 12.6.7, update to version 12.6.7 or later.
For versions prior to 12.10.2, update to version 12.10.2 or later.
As a temporary workaround, consider resetting the validkey property of the disabled XWiki users by editing the user profile with an object editor.
Fix
Incorrect Authorization
Improper Authorization
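The authorization flaw and the workaround described above, as a simplified model added here (not XWiki's code and not the project's actual fix). `validkey` is the property named in the workaround; the `active` flag, the function names and the single-use variant are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class User:
    name: str
    validkey: str = ""      # activation token mailed at registration
    active: bool = False    # assumed flag; False = pending or disabled

def register(name: str) -> User:
    """Create an inactive account with a fresh activation token."""
    return User(name=name, validkey=secrets.token_urlsafe(16))

def activate_flawed(user: User, key: str) -> bool:
    """Flawed: a matching key activates the account at any later time."""
    if user.validkey and hmac.compare_digest(user.validkey, key):
        user.active = True
        return True
    return False

def activate_single_use(user: User, key: str) -> bool:
    """Hardened variant: the token is consumed on first use."""
    if user.validkey and hmac.compare_digest(user.validkey, key):
        user.active = True
        user.validkey = ""   # the activation link is now dead
        return True
    return False

def admin_disable(user: User, reset_validkey: bool = False) -> None:
    """Disable an account; reset_validkey=True applies the workaround."""
    user.active = False
    if reset_validkey:
        user.validkey = ""

def replay_after_disable(activate, reset_validkey: bool) -> bool:
    """Return True if the account is active after the old link is reused."""
    user = register("alice")          # constructed sample user
    link_key = user.validkey          # value carried by the emailed link
    activate(user, link_key)          # legitimate first activation
    admin_disable(user, reset_validkey)
    activate(user, link_key)          # old link used again after disabling
    return user.active
```

An empty `validkey` never matches, which is why clearing the property on disabled accounts blocks re-activation until the upgrade is applied.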
Related Identifiers
Affected Products
Xwiki Platform