macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, because the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.
History
Thu, 14 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Xwikisas; Xwikisas macro Pdfviewer | |
CPEs | cpe:2.3:a:xwikisas:macro_pdfviewer:*:*:*:*:*:*:*:* | |
Vendors & Products | Xwikisas; Xwikisas macro Pdfviewer | |
Metrics | ssvc | |
Wed, 13 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, because the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6. | |
Title | The PDF viewer macro allows accessing any attachment without access right checks | |
Weaknesses | CWE-340 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-13T15:29:07.107Z
Updated: 2024-11-14T13:58:59.615Z
Reserved: 2024-11-06T19:00:26.395Z
Link: CVE-2024-52299
Vulnrichment
Updated: 2024-11-14T13:58:54.437Z
NVD
Status: Awaiting Analysis
Published: 2024-11-13T16:15:19.990
Modified: 2024-11-13T17:01:16.850
Link: CVE-2024-52299
Redhat
No data.