CVE-2023-35151

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.

Configurations

Configuration 1

OR cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:7.3:milestone1:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:15.0:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*

History

21 Nov 2024, 08:08

| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede - Patch, Vendor Advisory | () https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede - Patch, Vendor Advisory |
| References | () https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56 - Vendor Advisory | () https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56 - Vendor Advisory |
| References | () https://jira.xwiki.org/browse/XWIKI-16138 - Issue Tracking, Vendor Advisory | () https://jira.xwiki.org/browse/XWIKI-16138 - Issue Tracking, Vendor Advisory |

30 Jun 2023, 07:28

| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56 - | (MISC) https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56 - Vendor Advisory |
| References | (MISC) https://jira.xwiki.org/browse/XWIKI-16138 - | (MISC) https://jira.xwiki.org/browse/XWIKI-16138 - Issue Tracking, Vendor Advisory |
| References | (MISC) https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede - | (MISC) https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede - Patch, Vendor Advisory |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.5 |
| CPE | | cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*; cpe:2.3:a:xwiki:xwiki:7.3:milestone1:*:*:*:*:*:*; cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*; cpe:2.3:a:xwiki:xwiki:15.0:*:*:*:*:*:*:* |
| First Time | | Xwiki; Xwiki xwiki |
| CWE | | CWE-359; CWE-668 |

23 Jun 2023, 17:21

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-23 17:15

Updated : 2024-11-21 08:08


NVD link : CVE-2023-35151

Mitre link : CVE-2023-35151

CVE.ORG link : CVE-2023-35151



Products Affected

xwiki

  • xwiki
CWE
CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

CWE-668

Exposure of Resource to Wrong Sphere