CVE-2023-34466

Published: Jun 23, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.

Affected (3)

Products: Xwiki: Xwiki

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Xwiki Xwiki	From 14.10 to 14.10.4
Xwiki Xwiki	From 5.0.1 to 14.4.8
Xwiki Xwiki	Version 5.0 milestone1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7f2f-pcv3-j2r7

Source: security-advisories@github.com

Vendor Advisory

https://jira.xwiki.org/browse/XWIKI-20002

Source: security-advisories@github.com

ExploitIssue TrackingPatchVendor Advisory

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7f2f-pcv3-j2r7

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://jira.xwiki.org/browse/XWIKI-20002

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

Timeline

No history available yet.