← Back

CVE-2023-38509

nvd nist
Published: Nov 7, 2023Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch.

Affected (1)

Products: Xwiki: Xwiki
Xwiki
1 product
Xwiki
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Xwiki
From 3.5 to 14.10.9

Related CWEs

CWE-402
Transmission of Private Resources into a New Sphere ('Resource Leak')
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.

References (8)

Source: security-advisories@github.com
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
ExploitIssue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.