PT-2022-16164 · Wiki.Js · Wiki.Js

Rubikscraft · Published 2022-02-22 · Updated 2023-07-24 · CVE-2022-23654

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Wiki.js (affected versions not specified)

Description

The issue affects Wiki.js, a wiki app built on Node.js, where an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths. This is possible by specifying a different target page ID while keeping the path intact, because the access control check is performed against user-provided values instead of the actual path associated with the page ID.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
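
The access-control flaw in the description, reduced to a minimal JavaScript sketch of the flawed check beside a corrected one. This is an added example, not Wiki.js code; the in-memory store, the user object and the names `makeStore`, `canWrite`, `updatePageFlawed` and `updatePageChecked` are hypothetical.

```javascript
// Added illustration, not Wiki.js source. All names and data are constructed.
function makeStore() {
  return new Map([
    [1, { id: 1, path: 'team-a/notes', content: 'team A notes' }],
    [2, { id: 2, path: 'admin/policy', content: 'admin policy' }],
  ]);
}

// Hypothetical user whose write access is limited to one path prefix.
const user = { name: 'alice', writePrefixes: ['team-a/'] };

function canWrite(u, path) {
  return u.writePrefixes.some((prefix) => path.startsWith(prefix));
}

// Flawed pattern: authorization is decided on the client-supplied path,
// while the write itself is keyed on the client-supplied page id.
function updatePageFlawed(store, u, req) {
  if (!canWrite(u, req.path)) return { ok: false, reason: 'forbidden' };
  const page = store.get(req.id);
  if (!page) return { ok: false, reason: 'not found' };
  page.content = req.content;
  return { ok: true, path: page.path };
}

// Corrected pattern: resolve the id first, then authorize against the path
// stored for that page. The client-supplied path plays no part in the decision.
function updatePageChecked(store, u, req) {
  const page = store.get(req.id);
  if (!page) return { ok: false, reason: 'not found' };
  if (!canWrite(u, page.path)) return { ok: false, reason: 'forbidden' };
  page.content = req.content;
  return { ok: true, path: page.path };
}

// Constructed request in which the id and the path refer to different pages.
const mismatched = { id: 2, path: 'team-a/notes', content: 'edited' };

console.log(updatePageFlawed(makeStore(), user, mismatched));  // write lands on admin/policy
console.log(updatePageChecked(makeStore(), user, mismatched)); // rejected
```

A regression test for this class of bug sends a request whose ID and path disagree and asserts that the stored page is unchanged.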

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-23654
GHSA-3CV9-795V-6J7J

Affected Products

Wiki.Js