CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41929

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.5%

CVSS Severity

CVSS v3 Score 4.9

References

Products affected by CVE-2022-41929

Xwiki » Xwiki » Version: Any

cpe:2.3:a:xwiki:xwiki:*
Xwiki » Xwiki » Version: 11.10

cpe:2.3:a:xwiki:xwiki:11.10
Xwiki » Xwiki » Version: 11.10.1

cpe:2.3:a:xwiki:xwiki:11.10.1
Xwiki » Xwiki » Version: 11.10.10

cpe:2.3:a:xwiki:xwiki:11.10.10
Xwiki » Xwiki » Version: 11.10.11

cpe:2.3:a:xwiki:xwiki:11.10.11
Xwiki » Xwiki » Version: 11.10.12

cpe:2.3:a:xwiki:xwiki:11.10.12
Xwiki » Xwiki » Version: 11.10.13

cpe:2.3:a:xwiki:xwiki:11.10.13
Xwiki » Xwiki » Version: 11.10.2

cpe:2.3:a:xwiki:xwiki:11.10.2
Xwiki » Xwiki » Version: 11.10.3

cpe:2.3:a:xwiki:xwiki:11.10.3
Xwiki » Xwiki » Version: 11.10.4

cpe:2.3:a:xwiki:xwiki:11.10.4
Xwiki » Xwiki » Version: 11.10.5

cpe:2.3:a:xwiki:xwiki:11.10.5
Xwiki » Xwiki » Version: 11.10.6

cpe:2.3:a:xwiki:xwiki:11.10.6
Xwiki » Xwiki » Version: 11.10.7

cpe:2.3:a:xwiki:xwiki:11.10.7
Xwiki » Xwiki » Version: 11.10.8

cpe:2.3:a:xwiki:xwiki:11.10.8
Xwiki » Xwiki » Version: 11.7

cpe:2.3:a:xwiki:xwiki:11.7
Xwiki » Xwiki » Version: 11.8

cpe:2.3:a:xwiki:xwiki:11.8
Xwiki » Xwiki » Version: 11.8.1

cpe:2.3:a:xwiki:xwiki:11.8.1
Xwiki » Xwiki » Version: 11.9

cpe:2.3:a:xwiki:xwiki:11.9
Xwiki » Xwiki » Version: 12.0

cpe:2.3:a:xwiki:xwiki:12.0
Xwiki » Xwiki » Version: 12.0.0

cpe:2.3:a:xwiki:xwiki:12.0.0
Xwiki » Xwiki » Version: 12.1

cpe:2.3:a:xwiki:xwiki:12.1
Xwiki » Xwiki » Version: 12.10

cpe:2.3:a:xwiki:xwiki:12.10
Xwiki » Xwiki » Version: 12.10.1

cpe:2.3:a:xwiki:xwiki:12.10.1
Xwiki » Xwiki » Version: 12.10.10

cpe:2.3:a:xwiki:xwiki:12.10.10
Xwiki » Xwiki » Version: 12.10.11

cpe:2.3:a:xwiki:xwiki:12.10.11
Xwiki » Xwiki » Version: 12.10.2

cpe:2.3:a:xwiki:xwiki:12.10.2
Xwiki » Xwiki » Version: 12.10.3

cpe:2.3:a:xwiki:xwiki:12.10.3
Xwiki » Xwiki » Version: 12.10.4

cpe:2.3:a:xwiki:xwiki:12.10.4
Xwiki » Xwiki » Version: 12.10.5

cpe:2.3:a:xwiki:xwiki:12.10.5
Xwiki » Xwiki » Version: 12.10.6

cpe:2.3:a:xwiki:xwiki:12.10.6
Xwiki » Xwiki » Version: 12.10.7

cpe:2.3:a:xwiki:xwiki:12.10.7
Xwiki » Xwiki » Version: 12.10.8

cpe:2.3:a:xwiki:xwiki:12.10.8
Xwiki » Xwiki » Version: 12.10.9

cpe:2.3:a:xwiki:xwiki:12.10.9
Xwiki » Xwiki » Version: 12.2

cpe:2.3:a:xwiki:xwiki:12.2
Xwiki » Xwiki » Version: 12.2.1

cpe:2.3:a:xwiki:xwiki:12.2.1
Xwiki » Xwiki » Version: 12.3

cpe:2.3:a:xwiki:xwiki:12.3
Xwiki » Xwiki » Version: 12.4

cpe:2.3:a:xwiki:xwiki:12.4
Xwiki » Xwiki » Version: 12.5

cpe:2.3:a:xwiki:xwiki:12.5
Xwiki » Xwiki » Version: 12.5.1

cpe:2.3:a:xwiki:xwiki:12.5.1
Xwiki » Xwiki » Version: 12.6

cpe:2.3:a:xwiki:xwiki:12.6
Xwiki » Xwiki » Version: 12.6.1

cpe:2.3:a:xwiki:xwiki:12.6.1
Xwiki » Xwiki » Version: 12.6.2

cpe:2.3:a:xwiki:xwiki:12.6.2
Xwiki » Xwiki » Version: 12.6.3

cpe:2.3:a:xwiki:xwiki:12.6.3
Xwiki » Xwiki » Version: 12.6.4

cpe:2.3:a:xwiki:xwiki:12.6.4
Xwiki » Xwiki » Version: 12.6.5

cpe:2.3:a:xwiki:xwiki:12.6.5
Xwiki » Xwiki » Version: 12.6.6

cpe:2.3:a:xwiki:xwiki:12.6.6
Xwiki » Xwiki » Version: 12.6.7

cpe:2.3:a:xwiki:xwiki:12.6.7
Xwiki » Xwiki » Version: 12.6.8

cpe:2.3:a:xwiki:xwiki:12.6.8
Xwiki » Xwiki » Version: 12.7

cpe:2.3:a:xwiki:xwiki:12.7
Xwiki » Xwiki » Version: 12.7.1

cpe:2.3:a:xwiki:xwiki:12.7.1
Xwiki » Xwiki » Version: 12.8

cpe:2.3:a:xwiki:xwiki:12.8
Xwiki » Xwiki » Version: 12.9

cpe:2.3:a:xwiki:xwiki:12.9
Xwiki » Xwiki » Version: 13.0

cpe:2.3:a:xwiki:xwiki:13.0
Xwiki » Xwiki » Version: 13.1

cpe:2.3:a:xwiki:xwiki:13.1
Xwiki » Xwiki » Version: 13.10

cpe:2.3:a:xwiki:xwiki:13.10
Xwiki » Xwiki » Version: 13.10.1

cpe:2.3:a:xwiki:xwiki:13.10.1
Xwiki » Xwiki » Version: 13.10.2

cpe:2.3:a:xwiki:xwiki:13.10.2
Xwiki » Xwiki » Version: 13.10.3

cpe:2.3:a:xwiki:xwiki:13.10.3
Xwiki » Xwiki » Version: 13.10.4

cpe:2.3:a:xwiki:xwiki:13.10.4
Xwiki » Xwiki » Version: 13.10.5

cpe:2.3:a:xwiki:xwiki:13.10.5
Xwiki » Xwiki » Version: 13.10.6

cpe:2.3:a:xwiki:xwiki:13.10.6
Xwiki » Xwiki » Version: 13.2

cpe:2.3:a:xwiki:xwiki:13.2
Xwiki » Xwiki » Version: 13.3

cpe:2.3:a:xwiki:xwiki:13.3
Xwiki » Xwiki » Version: 13.4

cpe:2.3:a:xwiki:xwiki:13.4
Xwiki » Xwiki » Version: 13.4.1

cpe:2.3:a:xwiki:xwiki:13.4.1
Xwiki » Xwiki » Version: 13.4.2

cpe:2.3:a:xwiki:xwiki:13.4.2
Xwiki » Xwiki » Version: 13.4.3

cpe:2.3:a:xwiki:xwiki:13.4.3
Xwiki » Xwiki » Version: 13.4.4

cpe:2.3:a:xwiki:xwiki:13.4.4
Xwiki » Xwiki » Version: 13.4.5

cpe:2.3:a:xwiki:xwiki:13.4.5
Xwiki » Xwiki » Version: 13.4.6

cpe:2.3:a:xwiki:xwiki:13.4.6
Xwiki » Xwiki » Version: 13.4.7

cpe:2.3:a:xwiki:xwiki:13.4.7
Xwiki » Xwiki » Version: 13.5

cpe:2.3:a:xwiki:xwiki:13.5
Xwiki » Xwiki » Version: 13.6

cpe:2.3:a:xwiki:xwiki:13.6
Xwiki » Xwiki » Version: 13.7

cpe:2.3:a:xwiki:xwiki:13.7
Xwiki » Xwiki » Version: 13.8

cpe:2.3:a:xwiki:xwiki:13.8
Xwiki » Xwiki » Version: 13.9

cpe:2.3:a:xwiki:xwiki:13.9
Xwiki » Xwiki » Version: 14.4.3

cpe:2.3:a:xwiki:xwiki:14.4.3
Xwiki » Xwiki » Version: 14.4.4

cpe:2.3:a:xwiki:xwiki:14.4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41929

Products

Pricing

Contact Us