Description
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it.
Remediation
References
Related Vulnerabilities
WordPress Plugin qTranslate X Multiple Cross-Site Scripting Vulnerabilities (3.4.6.8)
Joomla CVE-2012-0819 Vulnerability (CVE-2012-0819)
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2022-2053)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) Security Bypass (5.4)
WordPress Plugin Catch Scroll Progress Bar Security Bypass (1.5)