CVE-2022-24821: Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
First published: Fri Apr 08 2022(Updated: )
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xwiki Xwiki | >=12.0.0<12.10.11 | |
| Xwiki Xwiki | >=13.4.0<13.4.6 | |
| Xwiki Xwiki | =13.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/xwiki
- canonical/xwiki xwiki
- version/xwiki xwiki/12.0.0
- version/xwiki xwiki/13.4.0
- version/xwiki xwiki/13.10