CVE-2022-24819

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-24819

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24819.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24819

Aliases

GHSA-97jg-43c9-q6pf

Published

2022-04-08T19:20:10Z

Modified

2026-02-18T01:34:35.986143Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Unauthenticated user can retrieve the list of users through uorgsuggest.vm

Details

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-359"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24819.json"
}

References

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type: GIT
Repo: https://github.com/xwiki/xwiki-commons
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

48e84afcd78dddb228a53067132edcaace7c65d2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24819.json"

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type: GIT
Repo: https://github.com/xwiki/xwiki-platform
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ac12f8e2f29d301d4dcd677381c24b864fa1544b

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b72dfa77858847bb8e11b735cf12385520fc2270

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24819.json"