High severity · NVD Advisory · Published Apr 15, 2023 · Updated Feb 6, 2025
Data leak through deleted documents
CVE-2023-29208
Description
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impacts deleted documents that contained view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of the current user: only admins and the deleter of the document are allowed to view it.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.xwiki.platform:xwiki-platform-oldcore (Maven) | >= 1.2-milestone-1, < 13.10.11 | 13.10.11 |
| org.xwiki.platform:xwiki-platform-oldcore (Maven) | >= 14.0-rc-1, < 14.4.7 | 14.4.7 |
| org.xwiki.platform:xwiki-platform-oldcore (Maven) | >= 14.5, < 14.10 | 14.10 |
Affected products
- Range: >= 1.2-milestone-1, < 13.10.11
References
- github.com/advisories/GHSA-4f8g-fq6x-jqrr
- nvd.nist.gov/vuln/detail/CVE-2023-29208
- github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7
- github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8g-fq6x-jqrr
- jira.xwiki.org/browse/XWIKI-16285