CVE-2022-41936
published 2022-11-22

Priority: P3 40 | Severity: high | CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.72% (49.4th percentile)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` REST endpoint does not filter out entries according to the user's rights. As a result, information hidden from unauthorized users (comments, page names, etc.) is exposed through the `modifications` REST endpoint. Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds.

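Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| xwiki | xwiki | >= 14.0 < 14.4.3 | 14.4.3 |
| xwiki | xwiki | >= 14.5 < 14.6 | 14.6 |
| xwiki | xwiki | >= 8.1 < 13.10.8 | 13.10.8 |
| xwiki | xwiki-platform | | |
| xwiki | xwiki-platform | | |
| xwiki | xwiki-platform | | |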