Search for packages
| purl | pkg:maven/org.xwiki.platform/xwiki-platform@15.0-rc-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1ep7-j2b3-duat
Aliases: CVE-2024-21648 GHSA-xh35-w7wg-95v3 |
XWiki has no right protection on rollback action ### Impact The rollback action is missing a right protection: it means that a user can rollback to a previous version of the page to gain rights they don't have anymore. This vulnerability impacts all version of XWiki since rollback action is available. ### Patches The problem has been patched in XWiki 14.10.16, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. ### Workarounds There's no workaround for this vulnerability, except paying attention to delete old versions of documents that could allow users to gain more rights. ### References * JIRA ticket: https://jira.xwiki.org/browse/XWIKI-21257 * Commit: [4de72875ca49602796165412741033bfdbf1e680](https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680) ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:04:18.282933+00:00 | GHSA Importer | Affected by | VCID-1ep7-j2b3-duat | https://github.com/advisories/GHSA-xh35-w7wg-95v3 | 38.0.0 |
| 2026-04-01T12:52:22.217129+00:00 | GitLab Importer | Affected by | VCID-1ep7-j2b3-duat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.xwiki.platform/xwiki-platform/CVE-2024-21648.yml | 38.0.0 |