Description

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.

INFO

Published Date :

2024-04-04T16:51:44.212Z

Last Modified :

2024-08-21T14:35:52.094Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-30263 vulnerability.

Vendors Products
Xwikisas
  • Macro Pdfviewer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-30263.

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact