Vulnerability Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xwiki | Xwiki | < 12.10.11 |
Related Weaknesses (CWE)
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qpp2-2mcp-2wm5Third Party Advisory
- https://jira.xwiki.org/browse/XWIKI-16544ExploitIssue TrackingThird Party Advisory
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qpp2-2mcp-2wm5Third Party Advisory
- https://jira.xwiki.org/browse/XWIKI-16544ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2022-24820?
CVE-2022-24820 is a vulnerability with a CVSS score of 5.3 (MEDIUM). XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering ...
How severe is CVE-2022-24820?
CVE-2022-24820 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24820?
Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.