What is CVE-2024-52298?

CVE-2024-52298 is a high-severity vulnerability in Xwikisas Macro-pdfviewer, classified under CWE-615. CVSS score: 7.5/10. Published 2024-11-13.

How severe is CVE-2024-52298?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Xwikisas Macro-pdfviewer

CVE-2024-52298

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has a…

EPSS: 0.005 (64.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Xwikisas Macro-pdfviewer — versions >= 1.6.2, < 2.5.6

Weakness classification (CWE)

CWE-615

References

https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-hph4-7j37-7c97 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2024-52298?: CVE-2024-52298 is a high-severity vulnerability in Xwikisas Macro-pdfviewer, classified under CWE-615. CVSS score: 7.5/10. Published 2024-11-13.
How severe is CVE-2024-52298?: High severity. CVSS v3 base score is 7.5 out of 10.