We found results for “”
CVE-2023-29208
Good to know:
Date: April 15, 2023
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it.
Language: Java
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Exposure of Resource to Wrong Sphere
CWE-668Top Fix
Upgrade Version
Upgrade to version org.xwiki.platform:xwiki-platform-oldcore:13.10.11,14.4.7,14.10
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |