How severe is CVE-2022-31167?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-31167?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2022-31167

MEDIUM Year: 2022

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-285

View all →

Vulnerability Description

XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds.

CVE-2015-10033

MEDIUM

CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. T...

CWE-2852015

CVE-2017-0896

MEDIUM

CVSS:6.5(Medium)

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite oth...

CWE-2852017

CVE-2017-0927

MEDIUM

CVSS:6.5(Medium)

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

CWE-2852017

CVE-2017-2686

MEDIUM

CVSS:6.5(Medium)

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive informati...

CWE-2852017

CVE-2017-9268

MEDIUM

CVSS:6.5(Medium)

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did no...

CWE-2852017

CVE-2018-0391

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is d...

CWE-2852018

CVE-2022-31167

Vulnerability Description

Related Vulnerabilities

CVE-2015-10033

CVE-2017-0896

CVE-2017-0927

CVE-2017-2686

CVE-2017-9268

CVE-2018-0391