Vulnerability Details CVE-2022-23654
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.9%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 3.5
References
- https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b
- https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j
- https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b
- https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j
Products affected by CVE-2022-23654
-
cpe:2.3:a:requarks:wiki.js:-
-
cpe:2.3:a:requarks:wiki.js:1.0
-
cpe:2.3:a:requarks:wiki.js:1.0.0
-
cpe:2.3:a:requarks:wiki.js:1.0.1
-
cpe:2.3:a:requarks:wiki.js:1.0.10
-
cpe:2.3:a:requarks:wiki.js:1.0.102
-
cpe:2.3:a:requarks:wiki.js:1.0.11
-
cpe:2.3:a:requarks:wiki.js:1.0.12
-
cpe:2.3:a:requarks:wiki.js:1.0.3
-
cpe:2.3:a:requarks:wiki.js:1.0.4
-
cpe:2.3:a:requarks:wiki.js:1.0.5
-
cpe:2.3:a:requarks:wiki.js:1.0.6
-
cpe:2.3:a:requarks:wiki.js:1.0.66
-
cpe:2.3:a:requarks:wiki.js:1.0.68
-
cpe:2.3:a:requarks:wiki.js:1.0.7
-
cpe:2.3:a:requarks:wiki.js:1.0.76
-
cpe:2.3:a:requarks:wiki.js:1.0.78
-
cpe:2.3:a:requarks:wiki.js:1.0.8
-
cpe:2.3:a:requarks:wiki.js:1.0.9
-
cpe:2.3:a:requarks:wiki.js:2.0.0
-
cpe:2.3:a:requarks:wiki.js:2.0.1
-
cpe:2.3:a:requarks:wiki.js:2.0.12
-
cpe:2.3:a:requarks:wiki.js:2.1.113
-
cpe:2.3:a:requarks:wiki.js:2.2.50
-
cpe:2.3:a:requarks:wiki.js:2.2.51
-
cpe:2.3:a:requarks:wiki.js:2.3.71
-
cpe:2.3:a:requarks:wiki.js:2.3.72
-
cpe:2.3:a:requarks:wiki.js:2.3.77
-
cpe:2.3:a:requarks:wiki.js:2.3.81
-
cpe:2.3:a:requarks:wiki.js:2.4.105
-
cpe:2.3:a:requarks:wiki.js:2.4.107
-
cpe:2.3:a:requarks:wiki.js:2.4.75
-
cpe:2.3:a:requarks:wiki.js:2.5.105
-
cpe:2.3:a:requarks:wiki.js:2.5.117
-
cpe:2.3:a:requarks:wiki.js:2.5.121
-
cpe:2.3:a:requarks:wiki.js:2.5.126
-
cpe:2.3:a:requarks:wiki.js:2.5.132
-
cpe:2.3:a:requarks:wiki.js:2.5.136
-
cpe:2.3:a:requarks:wiki.js:2.5.144
-
cpe:2.3:a:requarks:wiki.js:2.5.151
-
cpe:2.3:a:requarks:wiki.js:2.5.159
-
cpe:2.3:a:requarks:wiki.js:2.5.162
-
cpe:2.3:a:requarks:wiki.js:2.5.170
-
cpe:2.3:a:requarks:wiki.js:2.5.191
-
cpe:2.3:a:requarks:wiki.js:2.5.197
-
cpe:2.3:a:requarks:wiki.js:2.5.201
-
cpe:2.3:a:requarks:wiki.js:2.5.214
-
cpe:2.3:a:requarks:wiki.js:2.5.219
-
cpe:2.3:a:requarks:wiki.js:2.5.254
-
cpe:2.3:a:requarks:wiki.js:2.5.255
-
cpe:2.3:a:requarks:wiki.js:2.5.260
-
cpe:2.3:a:requarks:wiki.js:2.5.264
-
cpe:2.3:a:requarks:wiki.js:2.5.268
-
cpe:2.3:a:requarks:wiki.js:2.5.272
-
cpe:2.3:a:requarks:wiki.js:2.5.274
-
cpe:2.3:a:requarks:wiki.js:2.5.275
-
cpe:2.3:a:requarks:wiki.js:2.5.80