CVE-2024-38369: XWiki Include Macro Author Rights Comparison
greprules fetch cve-2024-38369-xwiki-include-macro-author-rights-comparison --engine opengrep
Description
Authorization decision for included/displayed content is gated by an equality comparison between the included document's content author and the current author (Objects.equals(getContentAuthorReference(), getCurrentAuthorReference())). This pattern only switches the author execution context when authors differ, so any document edited by a user that is include
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided