CVE-2023-38509

XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0
https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c	Patch
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g	Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-20601	Exploit Issue Tracking Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0
https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c	Patch
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g	Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-20601	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:13

Type	Values Removed	Values Added
References	~~() https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0 -~~	() https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0 -
References	~~() https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c - Patch~~	() https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c - Patch
References	~~() https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g - Third Party Advisory~~	() https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g - Third Party Advisory
References	~~() https://jira.xwiki.org/browse/XWIKI-20601 - Exploit, Issue Tracking, Vendor Advisory~~	() https://jira.xwiki.org/browse/XWIKI-20601 - Exploit, Issue Tracking, Vendor Advisory

18 Mar 2024, 18:15

Type	Values Removed	Values Added
References	~~{'url': 'ttps://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0', 'tags': ['Broken Link'], 'source': 'security-advisories@github.com'}~~	() https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0 -

14 Nov 2023, 18:44

Type	Values Removed	Values Added
CPE		cpe:2.3:a:xwiki:xwiki::::::::
References	~~() https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c -~~	() https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c - Patch
References	~~() https://jira.xwiki.org/browse/XWIKI-20601 -~~	() https://jira.xwiki.org/browse/XWIKI-20601 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g -~~	() https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g - Third Party Advisory
References	~~() ttps://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0 -~~	() ttps://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0 - Broken Link
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
First Time		Xwiki Xwiki xwiki

07 Nov 2023, 12:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-07 04:17

Updated : 2024-11-21 08:13

NVD link : CVE-2023-38509

Mitre link : CVE-2023-38509

CVE.ORG link : CVE-2023-38509

JSON object : View

Products Affected

xwiki

xwiki

CWE

CWE-402

Transmission of Private Resources into a New Sphere ('Resource Leak')

4.3 /10