XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.
References
Link | Resource |
---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545 | Exploit Vendor Advisory |
https://jira.xwiki.org/browse/XWIKI-19523 | Exploit Issue Tracking Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2023-03-02 19:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-26473
Mitre link : CVE-2023-26473
CVE.ORG link : CVE-2023-26473
JSON object : View
Products Affected
xwiki
- xwiki
CWE