CVE-2022-23619

Опубликовано: 09 фев. 2022

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised yo update. There are no known workarounds for this issue.

Ссылки

https://github.com/xwiki/xwiki-platform/commit/d8a3cce48e0ac1a0f4a3cea7a19747382d9c9494
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-35fg-hjcr-j65f
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-18787
Patch
Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/d8a3cce48e0ac1a0f4a3cea7a19747382d9c9494
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-35fg-hjcr-j65f
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-18787
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия до 12.10.9 (исключая)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 13.4 (включая)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 13.4.2 (включая) до 13.6 (включая)

EPSS

Процентиль: 21%

0.00069

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

CWE-640

Связанные уязвимости

GHSA-35fg-hjcr-j65f

CVSS3: 5.3

github

почти 4 года назад

Information exposure in xwiki-platform

EPSS

Процентиль: 21%

0.00069

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

CWE-640