{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T04:12:08.183","vulnerabilities":[{"cve":{"id":"CVE-2024-45591","sourceIdentifier":"security-advisories@github.com","published":"2024-09-10T16:15:21.340","lastModified":"2024-09-20T19:55:54.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1."},{"lang":"es","value":"La plataforma XWiki es una plataforma wiki genérica. La API REST expone el historial de cualquier página en XWiki de la que el atacante conozca el nombre. La información expuesta incluye, para cada modificación de la página, la hora de la modificación, el número de versión, el autor de la modificación (tanto el nombre de usuario como el nombre mostrado) y el comentario de la versión. Esta información se expone independientemente de la configuración de los derechos, e incluso cuando la wiki está configurada para ser completamente privada. En una wiki privada, esto se puede comprobar accediendo a /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history; si muestra el historial de la página principal, la instalación es vulnerable. Esto se ha corregido en XWiki 15.10.9 y XWiki 16.3.0RC1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-359"},{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.8","versionEndExcluding":"15.10.9","matchCriteriaId":"83FA206B-6FB4-403A-867D-9CA434ACE9D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.3.0","matchCriteriaId":"E76E1D62-00AC-4BE0-9225-D520A520BA7B"}]}]}],"references":[{"url":"https://github.com/xwiki/xwiki-platform/commit/26482ee5d29fc21f31134d1ee13db48716e89e0f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-22052","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking","Patch","Vendor Advisory"]}]}}]}