Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
XWiki Exposure of Private Personal Information to an Unauthorized Actor Vulnerability - CVE-2022-41936 - Vulnerability Database
XWikiplatform

XWiki Exposure of Private Personal Information to an Unauthorized Actor Vulnerability - CVE-2022-41936

High
Reference: CVE-2022-41936
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-41936
Title: XWiki Exposure of Private Personal Information to an Unauthorized Actor Vulnerability
Overview:

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The modifications rest endpoint does not filter out entries according to the user39s rights. Therefore information hidden from unauthorized users are exposed though the modifications rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6 14.4.3 or 13.10.8. Older versions have not been patched. There are no known workarounds.