CNNVD-202512-037 Information

CNNVD ID

CNNVD-202512-037

CVE-2025-55749

  • CNNVD Published: 2025-12-01

Description (Chinese)

XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 16.7.0版本至16.10.11版本、17.4.4版本和17.7.0版本存在访问控制错误漏洞,该漏洞源于XJetty包暴露上下文可能导致访问包含凭据的文件。

Description (English)

XWiki Platform is an open-source wiki platform from XWiki for creating collaborative web applications. XWiki Platform versions 16.7.0 to 16.10.11, 17.4.4 and 17.7.0 contain an access control error vulnerability: the XJetty package exposes a context, which can allow access to files containing credentials.

Hazard Level

Medium

Vulnerability Type

Access control error

Affected Vendor

XWiki

Published

2025-12-01

Last Modified

2026-02-24

References

  • https://jira.xwiki.org/browse/XWIKI-23438
  • https://github.com/xwiki/xwiki-platform/commit/99a04a0e2143583f5154a43e02174155da7e8e10
  • https://github.com/xwiki/xwiki-platform/compare/8b68d8a70b43f25391b3ee48477d7eb71b95cf4b…99a04a0e2143583f5154a43e02174155da7e8e10
  • https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-53gx-j3p6-2rw9
  • https://github.com/xwiki/xwiki-platform/commit/42fb063749dd88cc78196f72d7318b7179285ebd
  • https://access.redhat.com/security/cve/cve-2025-55749

Patch

https://github.com/xwiki/xwiki-platform/releases
