CVE-2022-41929

CVSS V2: None
CVSS V3: None
Description
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.
Overview
  • CVE ID: CVE-2022-41929
  • Assigner: security-advisories@github.com
  • Vulnerability Status: Analyzed
  • Published Version: 2022-11-23T19:15:12
  • Last Modified Date: 2022-11-30T16:48:03
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* 1 OR 13.10.7
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:undefined 1 OR 14.4.2
cpe:2.3:a:xwiki:xwiki:11.7:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:xwiki:xwiki:14.4.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:xwiki:xwiki:14.4.4:*:*:*:*:*:*:* 1 OR
History
Created Old Value New Value Data Type Notes
2022-11-23 20:00:17 Added to TrackCVE
2022-12-07 18:02:24 2022-11-23T19:15Z 2022-11-23T19:15:12 CVE Published Date updated
2022-12-07 18:02:24 2022-11-30T16:48:03 CVE Modified Date updated
2022-12-07 18:02:24 Analyzed Vulnerability Status updated
2022-12-07 18:02:25 CPE Information updated