CVE-2022-24820

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-24820
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24820.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-24820
Aliases
Published
2022-04-08T20:15:09Z
Modified
2024-10-11T09:07:23Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.

References

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-commons
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed