2 matches found
CVE-2022-41930 org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user logged in or not with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attack...
CVE-2022-41930
CVE-2022-41930 concerns the XWiki Platform vulnerability in the component org.xwiki.platform:xwiki-platform-user-profile-ui , where the page XWiki.XWikiUserProfileSheet lacked proper authorization. This allowed any user (logged in or not) with access to that page to enable or disable any user pro...