CVE-2022-23619— Xwiki Platform 授权问题漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2022-23619の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Information exposure in xwiki-platform
ソース: NVD (National Vulnerability Database)
脆弱性説明
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised yo update. There are no known workarounds for this issue.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
信息暴露
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Xwiki Platform 授权问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Xwiki Platform是法国Xwiki公司的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在授权问题漏洞,该漏洞源于在受影响的版本中,即使wiki对访客关闭,也可以通过使用忘记密码表单来猜测用户是否在wiki上有账户。这个问题已经在XWiki 12.10.9, 13.4.1和13.6RC1上修复。建议用户及时更新。对于这个问题没有已知的解决方法。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| xwiki | xwiki-platform | >= 13.6.0, < 13.6RC1 | - |
II. CVE-2022-23619の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2022-23619のインテリジェンス情報
请登录查看更多情报信息。
- https://jira.xwiki.org/browse/XWIKI-18787x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-23619
Same Patch Batch · xwiki · 2022-02-09 · 8 CVEs total
| CVE-2022-23616 | 8.8 HIGH | Remote code execution in xwiki-platform |
| CVE-2022-23622 | 7.4 HIGH | Cross site scripting in registration template in xwiki-platform |
| CVE-2022-23620 | 6.8 MEDIUM | Path traversal in xwiki-platform-skin-skinx |
| CVE-2022-23617 | 6.5 MEDIUM | Missing authorization in xwiki-platform |
| CVE-2022-23621 | 5.5 MEDIUM | Missing authorization in xwiki-platform |
| CVE-2022-23615 | 5.4 MEDIUM | Partial authorization bypass on document save in xwiki-platform |
| CVE-2022-23618 | 4.7 MEDIUM | Open Redirect in xwiki-platform |
IV. 関連脆弱性
同じ製品: xwiki-platform
- CVE-2026-40105
XWiki has Reflected Cross-Site Scripting (XSS) in its page h - CVE-2026-33229
XWiki Platform affected by remote code execution with script - CVE-2026-26000
XWiki Platform affected by click-jacking through CSS injecti - CVE-2026-24128
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Er - CVE-2025-66473
XWiki's REST APIs don't enforce any limits, leading to unava
同じベンダー: xwiki
- CVE-2026-40105
XWiki has Reflected Cross-Site Scripting (XSS) in its page h - CVE-2026-40104
XWiki's REST APIs can list all pages/spaces, leading to unav - CVE-2026-33229
XWiki Platform affected by remote code execution with script - CVE-2026-26000
XWiki Platform affected by click-jacking through CSS injecti - CVE-2026-24128
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Er
同じ弱点: CWE-200
- CVE-2026-42333
quarkus-openapi-generator has overly broad path-parameter ma - CVE-2026-8198
Activity Logs, User Activity Tracking, Multisite Activity Lo - CVE-2026-42456
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (ID - CVE-2026-41520
Cillium exposes sensitive information included in the cilium - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro
V. CVE-2022-23619へのコメント
まだコメントはありません