CVE-2022-41932

🗓️ 23 Nov 2022 21:10:15Reported by [email protected]Type

XWiki Platform allows creation of new schemas and tables using a crafted user identifier, leading to degraded database performance. Patched in XWiki 13.10.8, 14.6RC1, and 14.4.2. Upgrade advised

Reporter	Title	Published	Views	Family All 9
CNVD	Unspecified Vulnerability in XWiki Platform	25 Nov 202200:00	–	cnvd
Prion	Design/Logic Flaw	23 Nov 202221:15	–	prion
OSV	Creation of new database tables through login form on PostgreSQL	21 Nov 202222:36	–	osv
OSV	CVE-2022-41932	23 Nov 202221:15	–	osv
OpenVAS	XWiki < 13.10.8, 14.x < 14.4.2, 14.5.x < 14.6-rc-1 Uncontrolled Resource Consumption Vulnerability (GHSA-4x5r-6v26-7j4v)	28 Nov 202200:00	–	openvas
CVE	CVE-2022-41932	23 Nov 202221:15	–	cve
Github Security Blog	Creation of new database tables through login form on PostgreSQL	21 Nov 202222:36	–	github
Cvelist	CVE-2022-41932 Creation of new database tables through login form on PostgreSQL	23 Nov 202200:00	–	cvelist
RedhatCVE	CVE-2022-41932	5 Feb 202523:44	–	redhatcve

Nvd

Node

xwiki xwikiRange<13.10.8

xwiki xwikiRange14.0.0–14.4.2

xwiki xwikiRange14.5.0–14.6

xwiki xwikiMatch14.4.3

xwiki xwikiMatch14.4.4

Source	Link
jira	www.jira.xwiki.org/browse/XWIKI-19886
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-4x5r-6v26-7j4v

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Nov 2022 21:15Current

CVSS35.3

EPSS0.00061