CVE-2024-30263

CVSS 3.1 Score 7.7 of 10 (high)

Details

Published Apr 4, 2024

CWE ID 200

Summary

CVE-2024-30263 is a vulnerability affecting the macro-pdfviewer PDF Viewer Macro for XWiki, which utilizes Mozilla's pdf.js. This issue permits users with edit rights to access restricted PDF attachments by passing the attachment URL as a parameter. Users with view rights can also be impacted if they view public pages displaying the PDF Viewer macro with the URL of a restricted attachment. This vulnerability has been mitigated in version 2.5.1 of the macro-pdfviewer.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vMjy3D
https://www.cve.org/CVERecord?id=CVE-2024-30263
https://nvd.nist.gov/vuln/detail/CVE-2024-30263

Back to Vulnerability Database

CVE-2024-30263

CVSS 3.1 Score 7.7 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations