macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, because the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.
History
Mon, 18 Nov 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Xwiki, Xwiki pdf Viewer Macro | |
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:xwiki:pdf_viewer_macro:*:*:*:*:pro:*:*:* | |
Vendors & Products | Xwiki, Xwiki pdf Viewer Macro | |
Thu, 14 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Xwikisas, Xwikisas macro Pdfviewer | |
CPEs | cpe:2.3:a:xwikisas:macro_pdfviewer:*:*:*:*:*:*:*:* | |
Vendors & Products | Xwikisas, Xwikisas macro Pdfviewer | |
Metrics | ssvc | |
Wed, 13 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6. | |
Title | The PDF viewer macro allows accessing any attachment without access right checks | |
Weaknesses | CWE-340 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-13T15:29:07.107Z
Updated: 2024-11-14T13:58:59.615Z
Reserved: 2024-11-06T19:00:26.395Z
Link: CVE-2024-52299
Vulnrichment
Updated: 2024-11-14T13:58:54.437Z
NVD
Status: Analyzed
Published: 2024-11-13T16:15:19.990
Modified: 2024-11-18T17:29:37.337
Link: CVE-2024-52299
Redhat
No data.