CVE-2024-52299

Published Nov 13, 2024

Last updated 3 months ago

Overview

Description: macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
security-advisories@github.com: CWE-340

Hype score: Not currently trending

CVE-2024-52299 macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki … https://t.co/WIaSDf10ND
@CVEnew
13 Nov 2024
216 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xwiki:pdf_viewer_macro:*:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75E88265-41BB-488A-9003-7F7D65FF38F0",
            "versionEndExcluding": "2.5.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References