Description
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.
No analysis available yet.
Remediation
No remediation available yet.
Advisories
| Source | ID | Title |
|---|---|---|
| EUVD | EUVD-2022-7198 | org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1. |
| Github GHSA | GHSA-2gj2-vj98-j2qq | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore |
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-04-22T16:01:16.581Z
Reserved: 2022-09-30T00:00:00.000Z
Link: CVE-2022-41929
Status : Modified
Published: 2022-11-23T19:15:12.717
Modified: 2024-11-21T07:24:05.467
Link: CVE-2022-41929