CVE-2024-52299

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 13, 2024
CWE ID 340

Summary

CVE-2024-52299 is a vulnerability affecting the macro-pdfviewer PDF Viewer Macro for XWiki, which uses Mozilla pdf.js. This issue allows any user with view rights on XWiki.PDFViewerService to gain unauthorized access to attachments stored in the wiki. The vulnerability occurs because the check meant to prevent this access is computed incorrectly: skipping on the digest stream does not update the digest, which enables the unauthorized access. This issue is resolved in version 2.5.6.
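The digest pitfall named in the summary, shown beside a corrected form as an added example (not code from the macro or from XWiki). It assumes the digest stream is Java's `java.security.DigestInputStream`; the SHA-256 algorithm, the class and method names, and the sample inputs are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat; // Java 17+

public class DigestSkipDemo {
    // Flawed pattern: DigestInputStream does not override skip(), so the call is
    // forwarded to the wrapped stream and no bytes ever reach the MessageDigest.
    static String digestBySkipping(byte[] data) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256"); // algorithm is an assumption
        try (DigestInputStream in = new DigestInputStream(new ByteArrayInputStream(data), md)) {
            in.skip(Long.MAX_VALUE);
        }
        return HexFormat.of().formatHex(md.digest());
    }

    // Corrected pattern: read() to end of stream so every byte updates the digest.
    static String digestByReading(byte[] data) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (DigestInputStream in = new DigestInputStream(new ByteArrayInputStream(data), md)) {
            byte[] buf = new byte[8192];
            while (in.read(buf) != -1) {
                // draining only; the stream feeds the digest as a side effect of read()
            }
        }
        return HexFormat.of().formatHex(md.digest());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs standing in for whatever the digest is meant to bind to.
        byte[] a = "constructed-input-A".getBytes(StandardCharsets.UTF_8);
        byte[] b = "constructed-input-B".getBytes(StandardCharsets.UTF_8);

        // With skip(), the result does not depend on the input at all.
        System.out.println("skip: same digest for A and B = "
                + digestBySkipping(a).equals(digestBySkipping(b)));
        System.out.println("skip: equals digest of empty input = "
                + digestBySkipping(a).equals(digestByReading(new byte[0])));

        // With read(), different inputs give different digests.
        System.out.println("read: same digest for A and B = "
                + digestByReading(a).equals(digestByReading(b)));
    }
}
```

The first two lines print `true` and the third prints `false`: a digest produced by skipping is a constant, so it cannot serve as a check tied to the data it was supposed to cover.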
