CVE-2023-34466

Name of the Vulnerable Software and Affected Versions XWiki Platform versions 5.0-milestone-1 through 14.4.7 XWiki Platform versions 14.4.8 is not affected, but versions prior to 14.10.4 are affected XWiki Platform versions prior to 15.0-rc-1

Description The XWiki Platform leaks tags from pages not viewable to the current user through the tags API. This information can also be exploited to infer the document reference of non-viewable pages.

Recommendations For XWiki Platform versions 5.0-milestone-1 through 14.4.7, update to version 14.4.8 or later. For XWiki Platform versions prior to 14.10.4, update to version 14.10.4 or later. For XWiki Platform versions prior to 15.0-rc-1, update to version 15.0-rc-1 or later. As a temporary workaround, consider restricting access to the tags API until a patch is available.