Maven package
org.xwiki.platform/xwiki-platform-user-profile-ui
pkg:maven/org.xwiki.platform/xwiki-platform-user-profile-ui
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-41930 | — | >= 12.4, < 13.10.7 | 13.10.7 | Nov 23, 2022 | org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselv |
- CVE-2022-41930Nov 23, 2022affected >= 12.4, < 13.10.7fixed 13.10.7
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselv