Moderate severity · NVD Advisory · Published Jun 23, 2023 · Updated Nov 29, 2024
XWiki Platform's tags on non-viewable pages can be revealed to users
CVE-2023-34466
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.xwiki.platform:xwiki-platform-tag-api (Maven) | >= 5.0-milestone-1, < 14.4.8 | 14.4.8 |
| org.xwiki.platform:xwiki-platform-tag-api (Maven) | >= 14.5, < 14.10.4 | 14.10.4 |
Affected products
- Range: >= 5.0-milestone-1, < 14.4.8
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-7f2f-pcv3-j2r7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-34466 (ghsa, ADVISORY)
- github.com/xwiki/xwiki-platform/security/advisories/GHSA-7f2f-pcv3-j2r7 (ghsa, x_refsource_CONFIRM, WEB)
- jira.xwiki.org/browse/XWIKI-20002 (ghsa, x_refsource_MISC, WEB)