Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-50720
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-15 Dec, 2023 | 19:15
Updated At-19 Dec, 2023 | 20:52

XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
XWiki SAS
xwiki
>>xwiki>>Versions before 14.10.5(exclusive)
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
XWiki SAS
xwiki
>>xwiki>>Versions from 15.0(inclusive) to 15.5.2(exclusive)
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
XWiki SAS
xwiki
>>xwiki>>15.6
cpe:2.3:a:xwiki:xwiki:15.6:-:*:*:*:*:*:*
XWiki SAS
xwiki
>>xwiki>>15.6
cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*
XWiki SAS
xwiki
>>xwiki>>15.7
cpe:2.3:a:xwiki:xwiki:15.7:rc1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-200Secondarysecurity-advisories@github.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-200
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eeasecurity-advisories@github.com
Patch
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283security-advisories@github.com
Patch
Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-20371security-advisories@github.com
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://jira.xwiki.org/browse/XWIKI-20371
Source: security-advisories@github.com
Resource:
Issue Tracking
Patch
Vendor Advisory
Change History
0Changes found
Details not found