XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
History

Wed, 27 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-23T16:33:01.388Z

Updated: 2024-11-27T20:47:29.305Z

Reserved: 2023-06-14T14:17:52.177Z

Link: CVE-2023-35151

cve-icon Vulnrichment

Updated: 2024-08-02T16:23:59.701Z

cve-icon NVD

Status : Modified

Published: 2023-06-23T17:15:09.457

Modified: 2024-11-21T08:08:02.453

Link: CVE-2023-35151

cve-icon Redhat

No data.