Количество 2
Количество 2
CVE-2022-41929
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.
GHSA-2gj2-vj98-j2qq
Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-41929 org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1. | CVSS3: 4.9 | 0% Низкий | около 3 лет назад |
| GHSA-2gj2-vj98-j2qq Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | CVSS3: 4.9 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу