We found results for “”
CVE-2022-41936
Good to know:
Date: November 21, 2022
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds.
Language: Java
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Exposure of Private Personal Information to an Unauthorized Actor
CWE-359Top Fix
Upgrade Version
Upgrade to version org.xwiki.platform:xwiki-platform-rest-server:13.10.8,14.4.3,14.6
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |