XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-06-23T16:33:01.388Z
Updated: 2024-11-27T20:47:29.305Z
Reserved: 2023-06-14T14:17:52.177Z
Link: CVE-2023-35151
Vulnrichment
Updated: 2024-08-02T16:23:59.701Z
NVD
Status : Modified
Published: 2023-06-23T17:15:09.457
Modified: 2024-11-21T08:08:02.453
Link: CVE-2023-35151
Redhat
No data.