Description
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
Remediation
References