Moderate severity · NVD Advisory · Published Nov 23, 2022 · Updated Apr 22, 2025
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
CVE-2022-41935
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue, in which the response is not properly cleaned up of obfuscated entries, has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3. As a workaround, the patch for the document XWiki.LiveTableResultsMacros can be manually applied, or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.xwiki.platform:xwiki-platform-livetable-ui (Maven) | >= 12.10.11, < 13.10.8 | 13.10.8 |
| org.xwiki.platform:xwiki-platform-livetable-ui (Maven) | >= 14.0.0, < 14.4.3 | 14.4.3 |
| org.xwiki.platform:xwiki-platform-livetable-ui (Maven) | >= 14.5.0, < 14.6-rc-1 | 14.6-rc-1 |
Affected products
- Range: >= 12.10.11, < 13.10.8
References
- github.com/advisories/GHSA-p2x4-6ghr-6vmq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-41935 (ghsa, ADVISORY)
- github.com/xwiki/xwiki-platform/commit/1450b6e3c69ac7df25e5a2571186d1f43402facd (ghsa, WEB)
- github.com/xwiki/xwiki-platform/security/advisories/GHSA-p2x4-6ghr-6vmq (ghsa, WEB)
- jira.xwiki.org/browse/XWIKI-19999 (ghsa, WEB)