Skip to main content

Wiki Js CVE-2022-1681

HIGH
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2022-05-12 security@huntr.dev
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 12, 2022 - 08:15 nvd
HIGH 7.2

DescriptionNVD

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions

AnalysisAI

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-288. Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions Affected products include: Requarks Wiki.Js. Version information: prior to 2.5.281..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-25993 MEDIUM POC
5.4 Dec 29

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged

CVE-2021-43856 MEDIUM POC
5.4 Dec 27

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, lo

CVE-2021-43855 MEDIUM POC
5.4 Dec 27

Wiki.js is a wiki app built on node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, lo

CVE-2021-21383 MEDIUM POC
5.4 Mar 18

Wiki.js an open-source wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely explo

CVE-2021-43800 HIGH
7.5 Dec 06

Wiki.js is a wiki app built on Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2020-15236 HIGH
7.5 Oct 05

In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with

CVE-2022-23654 MEDIUM
6.5 Feb 22

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, lo

CVE-2020-4052 MEDIUM
6.1 Jun 16

In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. Rated medium severity (CVS

CVE-2021-43842 MEDIUM
5.4 Dec 20

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, lo

CVE-2020-15274 MEDIUM
5.4 Oct 26

In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. R

CVE-2020-11051 MEDIUM
4.8 May 05

In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. Rated medium severity (CVSS 4.8), this vulnerabi

CVE-2025-56643 CRITICAL
9.1 Nov 18

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. Rated critical s

Share

CVE-2022-1681 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy