Home > Vulnerability Database > CVE-2022-41935

Mend.io Vulnerability Database

CVE-2022-41935

Good to know:

Date: November 23, 2022

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue.

Language: Java

Severity Score

4.3

Related Resources (5)

Url: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p2x4-6ghr-6vmq

Url: https://jira.xwiki.org/browse/XWIKI-19999

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41935

Url: https://github.com/xwiki/xwiki-platform/commit/1450b6e3c69ac7df25e5a2571186d1f43402facd#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a

Url: https://www.mend.io/vulnerability-database/CVE-2022-41935

Severity Score

4.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version org.xwiki.platform:xwiki-platform-livetable-ui:13.10.8,14.4.3,14.6

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41935

Good to know:

Date: November 23, 2022

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?