4 matches found
CVE-2024-21648
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17,...
CVE-2024-21648
creationtimestamp| type| source ---|---|--- 2024-01-09 01:26:31+00:00| seen| https://t.me/ctinow/164736 2024-01-25 19:16:49+00:00| seen| https://t.me/ctinow/173718...
CVE-2024-21648
CVE-2024-21648 affects XWiki Platform. The issue is a missing privilege check on the rollback action, allowing a user to rollback a page to gain rights they no longer have. The root cause is insufficient rights verification during rollback. Remediation is available in patched releases: XWiki 14.1...
CVE-2024-21648 XWiki has no right protection on rollback action
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17,...