Vulnerability Information
Vulnerability Title
A user without PR can reset user authentication failures information
Vulnerability Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights. An attacker with Script rights who is able to reset the authentication failure record might perform a brute force attack, since they would be able to virtually deactivate the mechanism introduced to mitigate those attacks. The problem has been patched in version 12.6.8, 12.10.4 and 13.0. There are no workarounds aside from upgrading.
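The following is an added example, not XWiki code: a simplified Python model of the flaw described above, showing a failure counter whose reset is gated on Script rights beside one gated on Programming rights. The names `Right`, `FailureTracker`, `lockout_engages` and the threshold of 3 are assumptions made for illustration, and the linear ordering of rights is a simplification.

```python
from enum import IntEnum


class Right(IntEnum):
    # Hypothetical, simplified ordering: a higher value implies the lower ones.
    VIEW = 1
    SCRIPT = 2
    PROGRAMMING = 3


MAX_FAILURES = 3  # assumed threshold at which the mitigation engages


class FailureTracker:
    """Counts failed logins per account and reports when the limit is hit."""

    def __init__(self, reset_requires):
        self.reset_requires = reset_requires  # right needed to call reset()
        self.failures = {}

    def record_failure(self, account):
        self.failures[account] = self.failures.get(account, 0) + 1

    def is_locked(self, account):
        return self.failures.get(account, 0) >= MAX_FAILURES

    def reset(self, caller_right, account):
        # The authorization check is the whole fix: the counter is a security
        # control, so clearing it must need more than the right to run scripts.
        if caller_right < self.reset_requires:
            raise PermissionError("reset requires " + self.reset_requires.name)
        self.failures.pop(account, None)


def lockout_engages(tracker, caller_right, attempts=10, account="alice"):
    """Regression check: replay failed logins for a constructed account, with
    a reset requested after each one, and report whether the limit engaged."""
    for _ in range(attempts):
        if tracker.is_locked(account):
            return True
        tracker.record_failure(account)
        try:
            tracker.reset(caller_right, account)
        except PermissionError:
            pass  # denied: the failure count is preserved
    return tracker.is_locked(account)
```

With the reset gated on `Right.SCRIPT` the counter never reaches the threshold for a Script-rights caller; gated on `Right.PROGRAMMING`, the same caller is denied and the limit engages after three failures.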
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
Protection Mechanism Failure
Vulnerability Title
Xwiki Platform Authorization Issue Vulnerability
Vulnerability Description
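Xwiki Platform is a wiki platform from the French company Xwiki for creating collaborative web applications. A security vulnerability exists in XWiki Platform versions prior to 12.6.88, 12.10.4 and 13.0. It stems from the fact that the script service method for resetting the authentication failure record can be executed by any user with Script rights, without requiring Programming rights.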
CVSS Information
N/A
Vulnerability Type
N/A