QID 995713
Date Published: 2023-10-26
QID 995713: Java (Maven) Security Update for org.xwiki.platform:xwiki-platform-oldcore (GHSA-gh64-qxh5-4m33)
When a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as deleted:1 (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
- GHSA-gh64-qxh5-4m33 -
github.com/advisories/GHSA-gh64-qxh5-4m33
CVEs related to QID 995713
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-gh64-qxh5-4m33 | org.xwiki.platform:xwiki-platform-oldcore |
|