How severe is CVE-2024-45591?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-45591?

This is classified as CWE-359, which is a common weakness in software security.

CVE-2024-45591 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1.

Related Vulnerabilities

CVE-2017-16769

MEDIUM

CVSS:5.3(Medium)

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mod...

CWE-3592017

CVE-2019-15623

MEDIUM

CVSS:5.3(Medium)

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

CWE-3592019

CVE-2021-21823

MEDIUM

CVSS:5.3(Medium)

An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosur...

CWE-3592021

CVE-2021-22876

MEDIUM

CVSS:5.3(Medium)

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip of...

CWE-3592021

CVE-2021-28559

MEDIUM

CVSS:5.3(Medium)

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticate...

CWE-3592021

CVE-2021-3980

MEDIUM

CVSS:5.3(Medium)

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

CWE-3592021