Unrated severity · NVD Advisory · Published Nov 13, 2024 · Updated Nov 14, 2024
The PDF viewer macro allows accessing any attachment without access right checks
CVE-2024-52299
Description
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, because the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.
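The pitfall named in the description, shown as an added example that is not code from macro-pdfviewer or from the advisory. It assumes the "digest stream" is Java's `java.security.DigestInputStream`, which updates its digest only in its read methods; the class name, method names and sample inputs are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestSkipDemo {

    // Flawed pattern: skip() is inherited from FilterInputStream and only
    // advances the underlying stream, so the MessageDigest sees no bytes.
    static byte[] digestWithSkip(byte[] data) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (DigestInputStream in = new DigestInputStream(new ByteArrayInputStream(data), md)) {
            in.skip(Long.MAX_VALUE);
        }
        return md.digest();
    }

    // Corrected pattern: drain the stream with read(), which DigestInputStream
    // overrides to pass every byte it returns into the digest.
    static byte[] digestWithRead(byte[] data) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (DigestInputStream in = new DigestInputStream(new ByteArrayInputStream(data), md)) {
            byte[] buf = new byte[8192];
            while (in.read(buf) != -1) {
                // nothing to do: reading is what feeds the digest
            }
        }
        return md.digest();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; they stand in for any two different values being hashed.
        byte[] first = "constructed-input-one".getBytes(StandardCharsets.UTF_8);
        byte[] second = "constructed-input-two".getBytes(StandardCharsets.UTF_8);
        byte[] emptyDigest = MessageDigest.getInstance("SHA-256").digest();

        System.out.println("skip(): two inputs give the same digest: "
                + MessageDigest.isEqual(digestWithSkip(first), digestWithSkip(second)));
        System.out.println("skip(): digest equals digest of empty input: "
                + MessageDigest.isEqual(digestWithSkip(first), emptyDigest));
        System.out.println("read(): two inputs give the same digest: "
                + MessageDigest.isEqual(digestWithRead(first), digestWithRead(second)));
    }
}
```

When a digest is used as an access key, a unit test asserting that two different inputs produce different keys catches this class of bug.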
Affected products
- (no CPE) range: < 2.5.6
- (no CPE) range: >= 1.6.2, < 2.5.6
References
- github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-522m-m242-jr9p (mitre, x_refsource_CONFIRM)