| |
Vulnerability CVE-2023-35151
Published: 2023-06-23
Description: |
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround. |
Type:
CWE-359 (Privacy Violation)
References: |
https://jira.xwiki.org/browse/XWIKI-16138
https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56
|
|
|
Copyright 2024, cxsecurity.com
|
|
|