Home > Vulnerability Database > CVE-2022-41936

Mend.io Vulnerability Database

CVE-2022-41936

Good to know:

Date: November 21, 2022

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The "modifications" rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the "modifications" rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds.

Language: Java

Severity Score

5.3

Related Resources (6)

Url: https://github.com/xwiki/xwiki-platform/commit/38dc1aa1a4435f24d58f5b8e4566cbcb0971f8ff

Url: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p88w-fhxw-xvcc

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41936

Url: https://github.com/xwiki/xwiki-platform

Url: https://jira.xwiki.org/browse/XWIKI-19997

Url: https://www.mend.io/vulnerability-database/CVE-2022-41936

Severity Score

5.3

Weakness Type (CWE)

Exposure of Private Personal Information to an Unauthorized Actor

CWE-359

Top Fix

Upgrade Version

Upgrade to version org.xwiki.platform:xwiki-platform-rest-server:13.10.8;org.xwiki.platform:xwiki-platform-rest-server:14.4.3;org.xwiki.platform:xwiki-platform-rest-server:14.6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41936

Good to know:

Date: November 21, 2022

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?