exploitDog

CVE-2021-32731

Published: 01 Jul 2021
Source: nvd
CVSS3: 5.3
CVSS2: 5
EPSS: Low

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the resetpasswordinline.vm to perform the changes made to mitigate the vulnerability.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:xwiki:xwiki:13.1:-:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:13.1:rc1:*:*:*:*:*:*

EPSS

Percentile: 25%
0.00087
Low

5.3 Medium

CVSS3

5 Medium

CVSS2

Weaknesses

CWE-200

Related vulnerabilities

CVSS3: 5.3
github
more than 4 years ago

The reset password form reveal users email address
