Lucene search
K

4 matches found

Cvelist
Cvelist
added 2022/11/23 12:0 a.m.34 views

CVE-2022-41930 org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user logged in or not with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attack...

7.5CVSS8.3AI score0.00816EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.28 views

CVE-2022-41929 Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in UsersetDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched ...

4.9CVSS5.3AI score0.00713EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.35 views

CVE-2022-41931 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...

9.9CVSS10AI score0.0119EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/11/21 10:35 p.m.35 views

Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore

Impact It's possible for a user with only Script rights to enable or disable a user: this operation should be only doable for users with admin rights. Patches This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1. Workarounds There is no workaround other than upgrading the wiki, but...

4.9CVSS5.5AI score0.00713EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder