CVE-2022-41936

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41936

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41936.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-41936

Aliases

GHSA-p88w-fhxw-xvcc

Published

2022-11-22T00:00:00Z

Modified

2025-12-04T10:38:47.448538Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server

Details

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The modifications rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the modifications rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds.

Database specific

{
    "cwe_ids": [
        "CWE-359"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41936.json"
}

References

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type: GIT
Repo: https://github.com/xwiki/xwiki-commons
Events: Introduced

6b0f407f00b668efda8e19aa41aee776f82dcd78

Fixed

f1061cdd99a531c74466c225011a1d25d203a14b

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type: GIT
Repo: https://github.com/xwiki/xwiki-platform
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

38dc1aa1a4435f24d58f5b8e4566cbcb0971f8ff

Affected versions

xwiki-application-calendar-1.*

xwiki-application-calendar-1.0

xwiki-platform-7.*

xwiki-platform-7.3-milestone-2

xwiki-platform-7.4-milestone-1

xwiki-platform-7.4-milestone-2

xwiki-platform-8.*

xwiki-platform-8.0-milestone-1

xwiki-platform-8.0-milestone-2

xwiki-platform-8.1-milestone-1

xwiki-platform-8.1-milestone-2

xwiki-platform-8.2-milestone-1

xwiki-platform-8.2-milestone-2

xwiki-platform-8.3-milestone-1

xwiki-platform-9.*

xwiki-platform-9.9-rc-2

xwiki-plugin-tag-1.*

xwiki-plugin-tag-1.1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/xwiki/xwiki-platform/commit/38dc1aa1a4435f24d58f5b8e4566cbcb0971f8ff",
        "signature_type": "Line",
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-rest/xwiki-platform-rest-server/src/main/java/org/xwiki/rest/internal/resources/ModificationsResourceImpl.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2022-41936-ed68722d",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "3040236606649621333377421367846740581",
                "124761170461509244545270863193178880832",
                "168078324775925323646511532571686813552",
                "177779699407833604672352283748281317230",
                "108911551660315955580511635272232778424",
                "194287469001606573252453175128955486934",
                "160636653176685410545700029914802761829",
                "87033177223946772957262012084197438210",
                "211899907215076729755738719927788330264",
                "5544671865727499672098883106868066939",
                "339639982449323851049879177952010100132",
                "34155033835856535340366827127243543225",
                "225166057975330167777533602742424186391",
                "145172038790696045288698451839228867349",
                "70257429493673553305304036463788754288",
                "124730489818561270534661300662074674436",
                "89217220857684895555907452597440486953",
                "63383848879342776726057064632992040780",
                "252832573701565122847452609034536660854",
                "241155647649959328988715456044021815582",
                "166758339422022217239989275530446742537",
                "269437600654216956782367267367408076594",
                "144811120550743289002911872137656999809",
                "167056619076024223963514926282948300492",
                "22681885880366472520285013117171394818",
                "4148602854103662869067384794972309941",
                "56204477517358944493112401537592825496",
                "178924535463557308070775071463497593043",
                "243604104095073455053953253755409018813",
                "196308713089991220115148187628541601394"
            ]
        }
    },
    {
        "source": "https://github.com/xwiki/xwiki-platform/commit/38dc1aa1a4435f24d58f5b8e4566cbcb0971f8ff",
        "signature_type": "Function",
        "target": {
            "function": "getModifications",
            "file": "xwiki-platform-core/xwiki-platform-rest/xwiki-platform-rest-server/src/main/java/org/xwiki/rest/internal/resources/ModificationsResourceImpl.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2022-41936-f2ba80f1",
        "digest": {
            "length": 1412.0,
            "function_hash": "4256592141093294996466349631125109399"
        }
    }
]