Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Users can be created even when registration is disabled without validation via the template macro in xwiki-platform
Vulnerability Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document. It's possible to create a new user using the `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
XWiki Platform 访问控制错误漏洞
Vulnerability Description
XWiki Platform是法国XWiki公司的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 存在访问控制错误漏洞,该漏洞源于如果 guest 对任何文档具有查看权限。有可能在错误的环境中使用 `distribution/firstadminuser.wiki` 以创建新用户。
CVSS Information
N/A
Vulnerability Type
N/A