Описание
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:xwiki:xwiki:1.0_b1:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:1.0_b2:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.00052
Низкий
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable.
EPSS
Процентиль: 16%
0.00052
Низкий
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other