Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/12/08 6:11 p.m.4 views

CVE-2025-55749

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials...

8.7CVSS6.9AI score0.01378EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/01 8:9 p.m.8 views

CVE-2025-55749 The XWiki Jetty package (XJetty) allows accessing any application file through URL

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials...

8.7CVSS0.01378EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/01 8:9 p.m.2 views

CVE-2025-55749 The XWiki Jetty package (XJetty) allows accessing any application file through URL

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials...

8.7CVSS6.5AI score0.01378EPSS
Exploits0References5
CVE
CVE
added 2025/12/01 8:9 p.m.53 views

CVE-2025-55749

XWiki Jetty package (XJetty) exposes a context that allows static access to files under webapp/, leading to information disclosure of potentially credential-bearing files. Affected versions are 16.7.0–16.10.11, 17.4.4, and 17.7.0. The issue is fixed in 16.10.11, 17.4.4, and 17.7.0. Connected data...

8.7CVSS6.5AI score0.01378EPSS
In wildExploits0References5Affected Software1
OSV
OSV
added 2025/12/01 8:9 p.m.4 views

CVE-2025-55749 The XWiki Jetty package (XJetty) allows accessing any application file through URL

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials...

8.7CVSS6.8AI score0.01378EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/12/01 6:59 p.m.9 views

XWiki Jetty Package (XJetty) allows accessing any application file through URL

Impact In an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials, like http://myhots/webapps/xwiki/WEB-INF/xwiki.cfg,...

8.7CVSS7AI score0.01378EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/12/01 6:59 p.m.4 views

GHSA-53GX-J3P6-2RW9 XWiki Jetty Package (XJetty) allows accessing any application file through URL

Impact In an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials, like http://myhots/webapps/xwiki/WEB-INF/xwiki.cfg,...

8.7CVSS6.9AI score0.01378EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.5 views

PT-2025-48545

Name of the Vulnerable Software and Affected Versions XWiki versions 16.7.0 through 16.10.11 XWiki versions 17.4.0 through 17.4.4 XWiki version 17.7.0 Description XWiki, an open-source wiki software platform, has an issue where the XWiki Jetty package XJetty exposes a context allowing static acce...

8.7CVSS5.3AI score0.01378EPSS
Exploits0References15
Rows per page
Query Builder