Requarks Wiki.js 2.5.268

CPE Details

Requarks Wiki.js 2.5.268
requarks
wiki.js
2.5.268
2022-01-05
16h17 +00:00
2022-01-08
00h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:requarks:wiki.js:2.5.268:*:*:*:*:*:*:*

Informations

Vendor

requarks

Product

wiki.js

Version

2.5.268

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-1681 2022-05-12 05h45 +00:00 Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions
7.2
High
CVE-2022-23654 2022-02-22 19h05 +00:00 Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation.
8.1
High