Information Exposure Affecting org.xwiki.platform:xwiki-platform-web-templates package, versions [,12.10.11)[13.0,13.4.4)[13.5-rc-1,13.9-rc-1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.09% (41st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGXWIKIPLATFORM-2606302
  • published10 Apr 2022
  • disclosed10 Apr 2022
  • creditCamelia Andrei

Introduced: 10 Apr 2022

CVE-2022-24820  (opens in a new tab)
CWE-200  (opens in a new tab)
CWE-359  (opens in a new tab)

How to fix?

Upgrade org.xwiki.platform:xwiki-platform-web-templates to version 12.10.11, 13.4.4, 13.9-rc-1 or higher.

Overview

org.xwiki.platform:xwiki-platform-web-templates is a Web Resources for the XWiki platform.

Affected versions of this package are vulnerable to Information Exposure. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents.

CVSS Scores

version 3.1