Requarks Wiki.js 2.5.274

CPE Details

Requarks Wiki.js 2.5.274
requarks
wiki.js
2.5.274
2022-03-01
00h03 +00:00
2022-03-04
18h45 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:requarks:wiki.js:2.5.274:*:*:*:*:*:*:*

Informations

Vendor

requarks

Product

wiki.js

Version

2.5.274

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-1681 2022-05-12 05h45 +00:00 Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions
7.2
Haute
CVE-2022-23654 2022-02-22 19h05 +00:00 Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation.
8.1
Haute