Maven package
org.xwiki.platform/xwiki-platform-search-solr-api
pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32971 | — | >= 4.5.1, < 15.10.13 | 15.10.13 | Apr 30, 2025 | XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is acces | ||
| CVE-2023-50719 | — | >= 7.2-milestone-2, < 14.10.15 | 14.10.15 | Dec 15, 2023 | XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user | ||
| CVE-2023-50720 | — | < 14.10.15 | 14.10.15 | Dec 15, 2023 | XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email* |
- CVE-2025-32971Apr 30, 2025affected >= 4.5.1, < 15.10.13fixed 15.10.13
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is acces
- CVE-2023-50719Dec 15, 2023affected >= 7.2-milestone-2, < 14.10.15fixed 14.10.15
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user
- CVE-2023-50720Dec 15, 2023affected < 14.10.15fixed 14.10.15
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*