VYPR

Maven package

org.xwiki.platform/xwiki-platform-user-profile-ui

pkg:maven/org.xwiki.platform/xwiki-platform-user-profile-ui

Vulnerabilities (1)

  • CVE-2022-41930Nov 23, 2022
    affected >= 12.4, < 13.10.7fixed 13.10.7

    org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselv