Home > Vulnerability Database > CVE-2024-30263

Mend.io Vulnerability Database

CVE-2024-30263

Good to know:

Date: April 4, 2024

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.

Language: Java

Severity Score

7.7

Related Resources (4)

Url: https://github.com/xwikisas/macro-pdfviewer/issues/49

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-30263

Url: https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-93qq-2h34-g29f

Url: https://www.mend.io/vulnerability-database/CVE-2024-30263

Severity Score

7.7

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version macro-pdfviewer-2.5.1

Learn More

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-30263

Good to know:

Date: April 4, 2024

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?