Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-23619 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised yo update. There are no known workarounds for this issue.

Remediation

References

https://github.com/xwiki/xwiki-platform/commit/d8a3cce48e0ac1a0f4a3cea7a19747382d9c9494

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-35fg-hjcr-j65f

https://jira.xwiki.org/browse/XWIKI-18787

Related Vulnerabilities

CVE-2021-46708 Vulnerability in maven package org.webjars.bower:swagger-ui

CVE-2022-23458 Vulnerability in npm package tui-grid

CVE-2019-2391 Vulnerability in npm package bson

CVE-2023-26132 Vulnerability in npm package dottie

CVE-2022-2421 Vulnerability in maven package org.webjars.npm:socket.io-parser

Severity

High

Classification

CWE-640 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Third Party Advisory Vendor Advisory