Description
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.
INFO
Published Date :
2024-04-04T16:51:44.212Z
Last Modified :
2024-08-21T14:35:52.094Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2024-30263 vulnerability.
| Vendors | Products |
|---|---|
| Xwikisas |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-30263.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact