Lucene search
GoogleOSV:CVE-2022-23621HistoryFeb 09, 2022 - 10:15 p.m.
CVE-2022-23621
2022-02-0922:15:07
Google
osv.dev
7
xwiki platform
unauthorized access
sensitive files
security patch
workaround
update
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as $xwiki.invokeServletAndReturnAsString("/WEB-INF/xwiki.cfg"). This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right.
Related
cvelist
cvelist
CVE-2022-23621 Missing authorization in xwiki-platform
2022-02-09 21:25:11
openvas
openvas
XWiki LFI Vulnerability (GHSA-2jhm-qp48-hv5j)
2022-02-11 00:00:00
cve
cve
CVE-2022-23621
2022-02-09 22:15:07
osv
osv
Missing authorization in xwiki-platform
2022-02-09 21:56:05
prion
prion
Design/Logic Flaw
2022-02-09 22:15:00
nvd
nvd
CVE-2022-23621
2022-02-09 22:15:07
github
github
Missing authorization in xwiki-platform
2022-02-09 21:56:05