3 matches found
CVE-2022-36090 org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive not yet activated or disabled users in XWiki, including the REST service. This means a disabled user can enable themselv...
CVE-2022-36090 org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive not yet activated or disabled users in XWiki, including the REST service. This means a disabled user can enable themselv...
CVE-2022-36090
CVE-2022-36090 affects XWiki Platform Old Core. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources, including the REST service, did not properly check for inactive (not yet activated or disabled) users, allowing a disabled user to enable themselves via REST and potentially perform actions o...