Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24898

April 28, 2022, 8:15 p.m. |

National Vulnerability Database nist.gov

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving …

cve

Security Engineer I, Offensive Security Penetration Testing

@ Amazon.com | US, TX, Virtual Location - Texas

Cyber Security Engineer

@ GWA Group | Derrimut, Victoria, Australia

Threat Intelligence Consultant- Remote (Anywhere in the U.S.)

@ GuidePoint Security LLC | Remote

Senior Cloud Security Engineer

@ Reddit | Atlanta, GA

Information Security Officer

@ Vix Technology | Cambridge, England, United Kingdom

Information Security Manager (12m FTC)

@ PlayStation Global | United Kingdom, London

Vulnerability Management Engineer (Qualys)

@ Aperia | Dallas, Texas, United States - Remote

Information Security Officer (US)

@ Form3 | 100% Remote - New York

Information Systems Security Officer (ISSO)

@ Spry Methods | Denver, CO

Client Manager - Cybersecurity - Nashville Enterprise

@ Optiv | Nashville, TN

Threat Analyst | Remote, USA

@ Optiv | Minneapolis, MN

Senior Cyber Security SME

@ Node.Digital | Dulles, Virginia, United States