Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-26476

XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`.

Published

2023-03-02T19:15:11.567

Last Modified

2024-11-21T07:51:35.463

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	xwiki	xwiki	< 13.4.4	Yes
Application	xwiki	xwiki	< 13.10.9	Yes
Application	xwiki	xwiki	< 14.7	Yes
Application	xwiki	xwiki	3.2	Yes
Application	xwiki	xwiki	14.7	Yes

References

https://github.com/xwiki/xwiki-platform/commit/7f8825537c9523ccb5051abd78014d156f9791c8 Patch ([email protected])
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5cf8-vrr8-8hjm Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-19949 Exploit, Issue Tracking, Patch, Vendor Advisory ([email protected])
https://github.com/xwiki/xwiki-platform/commit/7f8825537c9523ccb5051abd78014d156f9791c8 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5cf8-vrr8-8hjm Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jira.xwiki.org/browse/XWIKI-19949 Exploit, Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)