XWiki Missing Authorization Vulnerability - CVE-2022-41929
Reference:
CVE-2022-41929
Title:
XWiki Missing Authorization Vulnerability
Overview:
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in UsersetDisabledStatus which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7 14.4.2 and 14.5RC1.