10 matches found
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
Impact: All rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes title, content and comments of any document and properties of objects (class and property name must be known, though...
CVE-2022-36092
CVE-2022-36092 affects XWiki Platform Old Core. Prior to versions 14.2 and 13.10.4, the login action could bypass rights checks and load arbitrary templates, allowing access to titles, content, and comments of documents (and properties of objects) without knowing class/property names; private wik...
CVE-2022-36092 XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...
CVE-2022-36090 org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselv...
CVE-2022-36090
CVE-2022-36090 affects XWiki Platform Old Core. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources, including the REST service, did not properly check for inactive (not yet activated or disabled) users, allowing a disabled user to enable themselves via REST and potentially perform actions o...
CVE-2022-31166
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor...
CVE-2022-31166
XWiki Platform Old Core (versions 11.3.7, 11.0.3, 12.0RC1) is affected by a privilege-escalation flaw in XWikiRights group resolution. Editing a right with the object editor can insert an empty value into groups, which is resolved as a reference to XWiki.WebHome; adding an XWikiGroup xobject to t...
CVE-2022-31166 XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor...
PT-2022-20580 · Xwiki · Xwiki-Platform-Oldcore
Name of the Vulnerable Software and Affected Versions: XWiki Platform Old Core versions 11.3.7 through 12.0RC1; XWiki Platform Old Core version 11.0.3. Description: A bug in XWikiRights resolution of groups can be exploited to obtain privilege escalation. Editing a right with the object editor lead...
SuSE 10 Security Update : findutils-locate (ZYPP Patch Number 3966)
The cronjob that deletes old core files could be tricked to delete arbitrary files. Old core files are deleted if DELETEOLDCORE=yes is set. That is not the case by default though. © Tenable Network Security, Inc. The text description of this plugin is © Novell, Inc...