Description
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server CVE-2022-21375 Vulnerability (CVE-2022-21375)
Cherokee Cryptographic Issues Vulnerability (CVE-2011-2190)
WordPress Plugin Redirection Cross-Site Request Forgery (3.6.2)
Joomla Improper Authentication Vulnerability (CVE-2014-6632)
WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.15)