CVE-2023-35151

Опубликовано: 23 июн. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.

Ссылки

https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede
Patch
Vendor Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56
Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-16138
Issue Tracking
Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede
Patch
Vendor Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56
Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-16138
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 7.4 (включая) до 14.4.8 (исключая)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 14.10 (включая) до 14.10.6 (исключая)

cpe:2.3:a:xwiki:xwiki:7.3:milestone1:*:*:*:*:*:*

cpe:2.3:a:xwiki:xwiki:15.0:*:*:*:*:*:*:*

cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00208

Низкий

7.5 High

CVSS3

Дефекты

CWE-359

CWE-668

Связанные уязвимости

GHSA-8g9c-c9cm-9c56