Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2019-0615

Date: July 29, 2019

Overview

In xwiki-platform, versions xwiki-platform-3.0.1 to xwiki-platform-11.3.2 are vulnerable against privilege escalation.

Details

In xwiki-platform, versions xwiki-platform-3.0.1 to xwiki-platform-11.3.2 are vulnerable against privilege escalation when a user manages to set a higher privilege (‘script’) to himself.

Affected Environments

Xwiki-platform-3.0.1 through xwiki-platform-11.3.2

Prevention

Upgrade to xwiki-platform-11.3.3

Language: Java

Good to know:

icon

Improper Privilege Management

CWE-269
icon

Upgrade Version

Upgrade to version xwiki-platform-11.3.3

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): High
Availability (A): None

Related Resources (2)

https://github.com/xwiki/xwiki-platform/commit/ff48a34a488fab1a6404acf4a905a86a2b47d22c
https://www.mend.io/vulnerability-database/WS-2019-0615