Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-gf7x-2j2x-7f73

GitHub Security Advisory

Missing authorization in xwiki-platform

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact

Any user with edit right can copy the content of a page it does not have access to by using it as template of a new page.

### Patches

It has been patched in XWiki 13.2CR1 and 12.10.6

### Workarounds

There is no workaround beside patching.

### References

https://jira.xwiki.org/browse/XWIKI-18430

### For more information

If you have any questions or comments about this advisory:
* Open an issue in [Jira XWiki](https://jira.xwiki.org)
* Email us at [our security mailing list](mailto:[email protected])

Affected Packages

Maven org.xwiki.platform:xwiki-platform-oldcore
Affected versions: 0 (fixed in 12.10.6)
Maven org.xwiki.platform:xwiki-platform-oldcore
Affected versions: 13.0 (fixed in 13.2-rc-1)

Related CVEs

CVE-2022-23617

Key Information

GHSA ID
GHSA-gf7x-2j2x-7f73
Published
February 9, 2022 9:41 PM
Last Modified
February 9, 2022 9:41 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.xwiki.platform:xwiki-platform-oldcore
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.