Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Data leak through deleted documents
Vulnerability Description
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
将资源暴露给错误范围
Vulnerability Title
XWiki Commons 安全漏洞
Vulnerability Description
XWiki Commons是其他几个顶级 XWiki 项目共有的技术库。 XWiki Commons 存在安全漏洞,该漏洞源于一旦文档被删除,添加到文档的权限将不会被考虑用于查看它。
CVSS Information
N/A
Vulnerability Type
N/A