[MAVEN:GHSA-GF7X-2J2X-7F73] Missing authorization in xwiki-platform

Severity Moderate

Affected Packages 2

Fixed Packages 2

CVEs 1

Any user with edit right can copy the content of a page it does not have access to by using it as template of a new page.

It has been patched in XWiki 13.2CR1 and 12.10.6

There is no workaround beside patching.

If you have any questions or comments about this advisory:
* Open an issue in Jira XWiki
* Email us at our security mailing list

Package	Affected Version
pkg:maven/org.xwiki.platform/xwiki-platform-oldcore	>= 13.0, <= 13.1
pkg:maven/org.xwiki.platform/xwiki-platform-oldcore	< 12.10.6

Package	Fixed Version
pkg:maven/org.xwiki.platform/xwiki-platform-oldcore	= 13.2-rc-1
pkg:maven/org.xwiki.platform/xwiki-platform-oldcore	= 12.10.6

Source	# ID	Name	URL
			https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73
			https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5
			https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554
			https://jira.xwiki.org/browse/XWIKI-18430
			https://nvd.nist.gov/vuln/detail/CVE-2022-23617
			https://github.com/advisories/GHSA-gf7x-2j2x-7f73

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.xwiki.platform/xwiki-platform-oldcore	org.xwiki.platform	xwiki-platform-oldcore	>= 13.0 <= 13.1
Fixed	pkg:maven/org.xwiki.platform/xwiki-platform-oldcore	org.xwiki.platform	xwiki-platform-oldcore	= 13.2-rc-1
Affected	pkg:maven/org.xwiki.platform/xwiki-platform-oldcore	org.xwiki.platform	xwiki-platform-oldcore	< 12.10.6
Fixed	pkg:maven/org.xwiki.platform/xwiki-platform-oldcore	org.xwiki.platform	xwiki-platform-oldcore	= 12.10.6

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date