- Description
- XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-668
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB7E83A5-F68B-487F-B235-9AA7BC32B4D7",
"versionEndExcluding": "13.10.11",
"versionStartIncluding": "1.1"
},
{
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC782E27-0FE5-48CE-B1E6-896F47ACB5BD",
"versionEndExcluding": "14.4.7",
"versionStartIncluding": "14.4.0"
},
{
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "569EE28C-5C86-467F-A153-DD4B9BF0053D",
"versionEndExcluding": "14.10",
"versionStartIncluding": "14.5"
}
],
"operator": "OR"
}
]
}
]