How severe is CVE-2022-41930?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2022-41930?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2022-41930 - HIGH Severity | CVSS 8.2

Vulnerability Description

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa.

Related Vulnerabilities

CVE-2020-24718

HIGH

CVSS:8.2(High)

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonst...

CWE-8622020

CVE-2022-0871

HIGH

CVSS:8.2(High)

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.

CWE-8622022

CVE-2022-1066

HIGH

CVSS:8.2(High)

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

CWE-8622022

CVE-2022-3321

HIGH

CVSS:8.2(High)

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by en...

CWE-8622022

CVE-2023-37862

HIGH

CVSS:8.2(High)

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-co...

CWE-8622023

CVE-2023-40608

HIGH

CVSS:8.2(High)

Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.

CWE-8622023