CVE-2025-65089
XWiki view file macro: User can view content of office file without view rights on the attachment
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Productos afectados
xwikisas · xwiki-pro-macros¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →