PT-2022-26167 · Xwiki · Xwiki Platform

Fabian Hafner · Published 2022-11-21 · Updated 2022-11-28 · CVE-2022-41936

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
XWiki Platform versions prior to 13.10.8
XWiki Platform versions prior to 14.4.3
XWiki Platform versions prior to 14.6

Description
The modifications REST endpoint does not filter out entries according to the user's rights, exposing information hidden from unauthorized users, such as comments and page names.

Recommendations
For versions prior to 13.10.8, upgrade to XWiki 13.10.8 or later.
For versions prior to 14.4.3, upgrade to XWiki 14.4.3 or later.
For versions prior to 14.6, upgrade to XWiki 14.6 or later.

Related Identifiers

CVE-2022-41936
GHSA-P88W-FHXW-XVCC

Affected Products

Xwiki Platform