5 matches found
CVE-2022-23654
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path acces...
CVE-2022-23654
creationtimestamp| type| source ---|---|--- 2022-02-22 22:12:45+00:00| published-proof-of-concept| https://t.me/cibsecurity/37901...
CVE-2022-23654 Improper write access check in Requarks/wiki
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path acces...
CVE-2022-23654
Wiki.js (Node.js-based wiki) is affected by CVE-2022-23654 where an authenticated writer can update a page outside allowed paths by supplying a different target page ID while keeping the path, because access control checks the path against user-provided values instead of the actual path for the p...
CVE-2022-23654 Improper write access check in Requarks/wiki
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path acces...