CVE-2022-41929
CVE-2022-41929 affects org.xwiki.platform:xwiki-platform-oldcore. The flaw is in User#setDisabledStatus where an entity with only Script rights could enable/disable a user, a function meant for admins. The issue is mitigated by upgrading to patched releases: XWiki 13.10.7, 14.4.2, or 14.5RC1. Rep...