CVE-2024-21648
HIGHDescription
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| xwiki | xwiki |
| xwiki | xwiki |
| xwiki | xwiki |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-21648? +
How severe is CVE-2024-21648? +
What products are affected by CVE-2024-21648? +
How do I check if I'm vulnerable to CVE-2024-21648? +
Related Vulnerabilities
Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value …
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to …
spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.
NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful …
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an …
Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.