CVE-2022-23617
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/02/2022
Last modified:
15/02/2022
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* | 12.10.5 (including) | |
cpe:2.3:a:xwiki:xwiki:13.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:xwiki:xwiki:13.1:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page