CVE-2024-46979
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-46979 is a vulnerability affecting all versions of the XWiki Platform since 13.2-rc-1, allowing unauthorized access to user notification filters via a specific URL. Although the exposed filters mainly contain public data, they could potentially be exploited alongside other vulnerabilities, posing a medium-level confidentiality risk. The vulnerability has been addressed in XWiki versions 14.10.21, 15.5.5, 15.10.1, and 16.0RC1 through a patch that verifies user rights before data transmission. Users are advised to upgrade to these patched versions or manually apply the patch by editing the document XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults. Failure to remediate this issue may expose organizations to low-level information leakage risks over the network without requiring user interaction or special privileges.