PT-2023-20667 · Unknown · Xwiki Platform
Michael Hamann
Published: 2023-03-02
Updated: 2023-03-14
CVE-2023-26476
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
XWiki Platform versions 3.2-m3 through 13.4.3
XWiki Platform versions 3.2-m3 through 13.10.8
XWiki Platform versions prior to 14.7-rc-1
Description
XWiki Platform is a generic wiki platform. The issue allows users to deduce the content of the password fields by repeated calls to LiveTableResults and WikisLiveTableResultsMacros.
Recommendations
For XWiki Platform versions 3.2-m3 and later, apply the patch manually on LiveTableResults and WikisLiveTableResultsMacros.
For XWiki Platform versions prior to 13.4.4, upgrade to version 13.4.4 or higher.
For XWiki Platform versions prior to 13.10.9, upgrade to version 13.10.9 or higher.
For XWiki Platform versions prior to 14.7-rc-1, upgrade to version 14.7-rc-1 or higher.
Exploit
Fix
Information Disclosure
Improper Restriction of Excessive Authentication Attempts
Related identifiers
Affected products
Xwiki Platform