Vulnerability Database
296,772
Total vulnerabilities in the database
CVE-2022-41930
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page XWiki.XWikiUserProfileSheet in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa.
| Software | From | Fixed in |
|---|---|---|
| xwiki / xwiki | 14.0.0 | 14.4.2 |
| xwiki / xwiki | 12.4 | 13.10.7 |
| xwiki / xwiki | 14.4.3 | 14.4.3.x |
| xwiki / xwiki | 14.4.4 | 14.4.4.x |
org.xwiki.platform / xwiki-platform-user-profile-ui
|
12.4 | 13.10.7 |
|
org.xwiki.platform / xwiki-platform-user-profile-ui
|
14.0.0 | 14.4.2 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime