3 matches found
CVE-2022-36092
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...
CVE-2022-36092
CVE-2022-36092 affects XWiki Platform Old Core. Prior to versions 14.2 and 13.10.4, the login action could bypass rights checks and load arbitrary templates, allowing access to titles, content, and comments of documents (and properties of objects) without knowing class/property names; private wik...
CVE-2022-36092 XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...