CVE-2022-23615

Опубликовано: 09 фев. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 5.5

EPSS Низкий

Описание

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access.

Ссылки

https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-5024
Patch
Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-5024
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 1.0 (включая) до 13.0 (исключая)

EPSS

Процентиль: 15%

0.00047

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-f4cj-3q3h-884r