Description

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1.

INFO

Published Date :

2024-09-10T15:56:53.484Z

Last Modified :

2024-09-10T19:22:03.317Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45591 vulnerability.

Vendors Products
Xwiki
  • Xwiki
  • Xwiki-platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45591.

URL Resource
https://github.com/xwiki/xwiki-platform/commit/26482ee5d29fc21f31134d1ee13db48716e89e0f cve-icon cve-icon
https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8 cve-icon cve-icon
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm cve-icon cve-icon
https://jira.xwiki.org/browse/XWIKI-22052 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact