GHSA-97jg-43c9-q6pf

GitHub Security Advisory

Unauthenticated user can retrieve the list of users through uorgsuggest.vm

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.

Affected Packages

Maven org.xwiki.platform:xwiki-platform-web-templates
Affected versions: 0 (fixed in 12.10.11)
Maven org.xwiki.platform:xwiki-platform-web-templates
Affected versions: 13.0.0 (fixed in 13.4.4)
Maven org.xwiki.platform:xwiki-platform-web-templates
Affected versions: 13.5.0 (fixed in 13.9)

Key Information

GHSA ID: GHSA-97jg-43c9-q6pf
Published: April 8, 2022 9:53 PM
Last Modified: April 19, 2022 3:25 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: org.xwiki.platform:xwiki-platform-web-templates
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 23, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.