Moderate severityNVD Advisory· Published Apr 8, 2022· Updated Apr 22, 2025
Unauthenticated user can retrieve the list of users through uorgsuggest.vm
CVE-2022-24819
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.xwiki.platform:xwiki-platform-web-templatesMaven | < 12.10.11 | 12.10.11 |
org.xwiki.platform:xwiki-platform-web-templatesMaven | >= 13.0.0, < 13.4.4 | 13.4.4 |
org.xwiki.platform:xwiki-platform-web-templatesMaven | >= 13.5.0, < 13.9 | 13.9 |
Affected products
1- Range: < 4.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-97jg-43c9-q6pfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-24819ghsaADVISORY
- github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pfghsax_refsource_CONFIRMWEB
- jira.xwiki.org/browse/XWIKI-18850ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.