PT-2024-31551 · Wiki.Js · Wiki.Js
Urda · Published 2024-09-18 · Updated 2024-09-20 · CVE-2024-45298
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Wiki.js version 2.5.303
Description: A disabled user can still gain access to a wiki by abusing the password reset function. Because the reset flow does not check whether the account is disabled, a disabled user can bypass the restriction simply by requesting a password reset. The issue has been addressed in version 2.5.304.
Recommendations: For Wiki.js version 2.5.303, upgrade to version 2.5.304 to resolve the issue. As a temporary workaround, consider disabling the password reset function until the upgrade is applied. Restrict access to the wiki for disabled users to minimize the risk of exploitation.

Related Identifiers

CVE-2024-45298
GHSA-VWWW-C5VG-XGFC

Affected Products

Wiki.Js