PT-2022-16128 · Xwiki · Xwiki Platform

Denis Gervalle · Published 2022-02-09 · Updated 2022-02-16 · CVE-2022-23615

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

XWiki Platform versions prior to 13.0

Description

The issue affects XWiki Platform, a generic wiki platform offering runtime services for applications built on top of it. In affected versions, any user with SCRIPT right can save a document with the rights of the current user, which allows access to APIs requiring programming right if the current user has programming right.

Recommendations

For versions prior to 13.0, update to XWiki 13.0 to resolve the issue. As a temporary workaround, consider limiting SCRIPT access to trusted users only.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-23615
GHSA-F4CJ-3Q3H-884R

Affected Products

Xwiki Platform