Home > Vulnerability Database > CVE-2024-30263

Mend.io Vulnerability Database

CVE-2024-30263

Date: April 4, 2024

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.

Language: Java

Severity Score

7.7

Related Resources (4)

Url: https://github.com/xwikisas/macro-pdfviewer/issues/49

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-30263

Url: https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-93qq-2h34-g29f

Url: https://www.mend.io/vulnerability-database/CVE-2024-30263

Severity Score

7.7

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-30263

Date: April 4, 2024

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?