The same file cannot be opened with different rights
CVE-2023-46743
7.4HIGH
What is CVE-2023-46743?
The Collabora Online integration in XWiki has a vulnerability that allows users with only view permissions on document attachments to retain editing capabilities if another user initiates an editing session. This issue occurs because the userCanWrite
permission status is incorrectly cached, thereby compromising the intended access controls. Remediation has been implemented in version 1.3.
Affected Version(s)
application-collabora < 1.3