CVE-2024-52298

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 13, 2024

CWE ID 615

Summary

CVE-2024-52298 is a vulnerability affecting the macro-pdfviewer PDF Viewer Macro for XWiki, which utilizes Mozilla pdf.js. An attacker can exploit this flaw by gaining access to view any attachment through the "Delegate my view right" feature, as long as they have the ability to view a page whose last author has access to the attachment. The attacker needs only to provide a reference to a PDF file to the macro. By accessing the Page Index or Attachments tab, the attacker can obtain the attachment reference, even if it appears as N/A in the UI. The vulnerability is resolved in version 2.5.6.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0Rymk_
https://www.cve.org/CVERecord?id=CVE-2024-52298
https://nvd.nist.gov/vuln/detail/CVE-2024-52298

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-52298

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations