CVE-2024-46978
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-46978 is a medium-severity vulnerability in the XWiki Platform, affecting versions since 13.2-rc-1. This issue allows users to manipulate another user's notification filter preferences by knowing their ID, which can cause the targeted user to lose important notifications. The vulnerability has been patched in XWiki versions 14.10.21, 15.5.5, 15.10.1, and 16.0-rc-1, which include improved user permission checks before actions on notification filters are executed. Organizations are advised to upgrade their XWiki installations to mitigate this risk or, as a temporary fix, to manually edit the document XWiki.Notifications.Code.NotificationPreferenceService according to the specific commit changes. The vulnerability poses a significant integrity threat, since it can disrupt user notification systems without requiring extensive privileges or user interaction.
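To triage an inventory against the version ranges above, the following added example (not code from XWiki or from this page's publisher) flags installations that still need the upgrade. It assumes version strings of the form X.Y[.Z][-rc-N] and reads 14.10.21 and 15.5.5 as fixes for their own maintenance branches only, with 15.10.1 and everything later fixed; the function names and the sample inventory are constructed for illustration.

```python
import re

RELEASE = 10**6  # rc slot for a final release, so it sorts after its release candidates

def parse(version):
    """Parse 'X.Y[.Z][-rc-N]' into a comparable tuple (major, minor, patch, rc)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc-(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {version!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else RELEASE)

FIRST_AFFECTED = parse("13.2-rc-1")
# (first fixed version, exclusive (major, minor) end of that branch; None = open-ended).
# Assumption: the 14.10.x and 15.5.x fixes do not cover later minor lines.
FIXED_LINES = [
    (parse("14.10.21"), (14, 11)),
    (parse("15.5.5"), (15, 6)),
    (parse("15.10.1"), None),
]

def is_affected(version):
    """True if the version falls in the affected range and in no fixed line."""
    v = parse(version)
    if v < FIRST_AFFECTED:
        return False
    for fixed_from, branch_end in FIXED_LINES:
        if v >= fixed_from and (branch_end is None or v[:2] < branch_end):
            return False
    return True

def affected_hosts(inventory):
    """Return sorted (host, version) pairs that still need the upgrade."""
    return sorted((h, v) for h, v in inventory.items() if is_affected(v))

# Constructed sample inventory; host names are made up for this example.
INVENTORY = {
    "wiki-prod": "15.10",
    "wiki-docs": "14.10.21",
    "wiki-legacy": "12.10.11",
    "wiki-test": "16.0-rc-1",
    "wiki-hr": "15.5.4",
}

if __name__ == "__main__":
    for host, version in affected_hosts(INVENTORY):
        print(f"{host}: XWiki {version} is affected by CVE-2024-46978")
```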