- Description
- XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
- Source
- security-advisories@github.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F15FA67A-285D-46DF-98F0-2FCE86D7AC66",
"versionEndExcluding": "14.4.8",
"versionStartIncluding": "7.4"
},
{
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F74638E1-2D3D-4FFD-921E-09C383F880DF",
"versionEndExcluding": "14.10.6",
"versionStartIncluding": "14.10"
},
{
"criteria": "cpe:2.3:a:xwiki:xwiki:7.3:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E11F6C8-8A49-4C44-B976-270ED12FA2E7"
},
{
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F9D9551-B148-44B6-A5B3-889E6E7B72E8"
},
{
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4"
}
],
"operator": "OR"
}
]
}
]