CVE-2022-23617

Опубликовано: 09 фев. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue.

Ссылки

https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-18430
Patch
Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-18430
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия до 12.10.5 (включая)

cpe:2.3:a:xwiki:xwiki:13.0:*:*:*:*:*:*:*

cpe:2.3:a:xwiki:xwiki:13.1:-:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00066

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-gf7x-2j2x-7f73