CVE-2024-52299


macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, because the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.


Published

2024-11-13T16:15:19.990

Last Modified

2024-11-18T17:29:37.337

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-340
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products

Type | Vendor | Product | Version/Range | Vulnerable?
Application | xwiki | pdf_viewer_macro | < 2.5.6 | Yes
