Vulnerability Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xwiki | Xwiki | < 12.10.11 |
Related Weaknesses (CWE)
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pfThird Party Advisory
- https://jira.xwiki.org/browse/XWIKI-18850ExploitIssue TrackingPatch
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pfThird Party Advisory
- https://jira.xwiki.org/browse/XWIKI-18850ExploitIssue TrackingPatch
FAQ
What is CVE-2022-24819?
CVE-2022-24819 is a vulnerability with a CVSS score of 5.3 (MEDIUM). XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to us...
How severe is CVE-2022-24819?
CVE-2022-24819 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24819?
Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.