PT-2023-20667 · Unknown · Xwiki Platform
Michael Hamann · Published 2023-03-02 · Updated 2023-03-14 · CVE-2023-26476
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
XWiki Platform versions 3.2-m3 through 13.4.3
XWiki Platform versions 3.2-m3 through 13.10.8
XWiki Platform versions prior to 14.7-rc-1
Description
XWiki Platform is a generic wiki platform. The issue allows users to deduce the content of the password fields by repeated calls to LiveTableResults and WikisLiveTableResultsMacros.
Recommendations
For XWiki Platform versions 3.2-m3 and later, apply the patch manually on LiveTableResults and WikisLiveTableResultsMacros.
For XWiki Platform versions prior to 13.4.4, upgrade to version 13.4.4 or higher.
For XWiki Platform versions prior to 13.10.9, upgrade to version 13.10.9 or higher.
For XWiki Platform versions prior to 14.7-rc-1, upgrade to version 14.7-rc-1 or higher.
Exploit
Fix
Information Disclosure
Improper Restriction of Excessive Authentication Attempts
Related Identifiers
Affected Products
Xwiki Platform