CVE-2022-36095

Опубликовано: 08 сент. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the documentTags.vm template in one's filesystem, to apply the changes exposed there.

Ссылки

https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj
Patch
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-19550
Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj
Patch
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-19550
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 2.3 (включая) до 13.10.6 (исключая)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.3 (исключая)

cpe:2.3:a:xwiki:xwiki:2.0:milestone2:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00112

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-fxwr-4vq9-9vhj