CVE-2022-23617
Published Feb 9, 2022
Last updated 3 years ago
Overview
- Description
- XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- security-advisories@github.com
- CWE-862
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A23AC9C-3160-4393-B09E-9218CD9FE4D1",
"versionEndIncluding": "12.10.5"
},
{
"criteria": "cpe:2.3:a:xwiki:xwiki:13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8ED2C6F-77E6-4B53-A52D-0CD7FA08AFD1"
},
{
"criteria": "cpe:2.3:a:xwiki:xwiki:13.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "333C6A66-CDCD-46DC-A095-74D35B076A78"
}
],
"operator": "OR"
}
]
}
]