icon

We found results for “

CVE-2023-29513

Good to know:

icon

Date: April 18, 2023

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document. It's possible to create a new user using the "distribution/firstadminuser.wiki" in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading.

Language: Java

Severity Score

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

icon

Upgrade Version

Upgrade to version org.xwiki.platform:xwiki-platform-web-templates:14.10.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us