CVE-2024-30263

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-30263
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.

7.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/xwikisas/macro-pdfviewer/issues/49
https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-93qq-2h34-g29f
https://github.com/xwikisas/macro-pdfviewer/issues/49
https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-93qq-2h34-g29f
Configurations

No configuration.

History

21 Nov 2024, 09:11

Type Values Removed Values Added
Summary
  • (es) macro-pdfviewer es un macro de visor de PDF para XWiki que utiliza Mozilla pdf.js. Los usuarios con derechos de edición pueden acceder a archivos adjuntos PDF restringidos utilizando el macro Visor de PDF, simplemente pasando la URL del archivo adjunto como el valor del parámetro ``archivo``. Los usuarios con derechos de visualización pueden acceder a archivos adjuntos PDF restringidos si se muestran en páginas públicas donde se llama a la macro del Visor de PDF utilizando la URL del archivo adjunto en lugar de su referencia. Esta vulnerabilidad ha sido parcheada en la versión 2.5.1.
References () https://github.com/xwikisas/macro-pdfviewer/issues/49 - () https://github.com/xwikisas/macro-pdfviewer/issues/49 -
References () https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-93qq-2h34-g29f - () https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-93qq-2h34-g29f -

04 Apr 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-04 17:15

Updated : 2024-11-21 09:11

NVD link : CVE-2024-30263

Mitre link : CVE-2024-30263

CVE.ORG link : CVE-2024-30263

JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024