PT-2022-16900 · Xwiki · Xwiki Platform
Surlipu · Published 2022-04-08 · Updated 2023-07-06
CVE-2022-24820
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
XWiki Platform versions prior to 12.10.11
XWiki Platform versions prior to 13.4.4
XWiki Platform versions prior to 13.9-rc-1
Description
A guest user without the right to view pages of the wiki can still list documents by rendering some Velocity documents.
Recommendations
For versions prior to 12.10.11, update to version 12.10.11 or later.
For versions prior to 13.4.4, update to version 13.4.4 or later.
For versions prior to 13.9-rc-1, update to version 13.9-rc-1 or later.
Missing Authentication
Information Disclosure
Affected Products
Xwiki Platform