Vulnerabilities > CVE-2023-26056 - Incorrect Authorization vulnerability in Xwiki

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
xwiki
CWE-863
NVD
Published: 2023-03-02
Updated: 2023-03-13

Summary

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.

Vulnerable Configurations

Part Description Count
Application
Xwiki
420

Common Weakness Enumeration (CWE)

References