CVE-2024-46979
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.xwiki.platform:xwiki-platform-notifications-ui | >=13.2-rc-1,<14.10.21 | 14.10.21 |
| Maven | org.xwiki.platform:xwiki-platform-notifications-ui | >=15.0-rc-1,<15.5.5 | 15.5.5 |
| Maven | org.xwiki.platform:xwiki-platform-notifications-ui | >=15.6-rc-1,<15.10.1 | 15.10.1 |
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pg4m-3gp6-hw4w
- https://nvd.nist.gov/vuln/detail/CVE-2024-46979
- https://github.com/xwiki/xwiki-platform/commit/29e5edbb2b7068ada17290cea41e0aa8144e1294
- https://github.com/xwiki/xwiki-platform/commit/a0352922a1a61e0e858a9be89d73f0665630a63a
- https://github.com/xwiki/xwiki-platform/commit/c8c6545f9bde6f5aade994aa5b5903a67b5c2582
- https://github.com/xwiki/xwiki-platform/commit/ed090d1aa228848d3860968c437b72db3b09119f
- https://github.com/xwiki/xwiki-platform
- https://jira.xwiki.org/browse/XWIKI-20336
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.