
CVE-2024-45591

· Published 10/09/2024 16:15 · Modified 20/09/2024 19:55

Labels: CVE-2024-45591, 2024-09-10, CWE-359, CWE-862, [email protected]

Essential information

Published: 10/09/2024 16:15
Modified: 20/09/2024 19:55
Author:
Creator:
CVSS: 5.3 MEDIUM (v3.1)
CISA KEV: No
CWE: CWE-359, CWE-862
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki whose name the attacker knows. For each modification of the page, the exposed information includes the time of the modification, the version number, the author of the modification (both username and displayed name), and the version comment. This information is exposed regardless of the rights setup, even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history; if this shows the history of the main page, the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
xwiki / xwiki | cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
xwiki / xwiki | cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

References