CVE-2023-38509

Name of the Vulnerable Software and Affected Versions XWiki Platform versions 3.5-milestone-1 through 14.10.8 XWiki Platform versions 15.3-rc-1 and earlier

Description The issue is related to the disclosure of information in the error data area of the XWiki Platform, specifically in the org.xwiki.platform:xwiki-platform-livetable-ui component. This could allow a remote attacker to gain unauthorized access to protected information. The mail obfuscation configuration was not fully taken into account, making it possible to still obtain obfuscated emails.

Recommendations For XWiki Platform versions 3.5-milestone-1 through 14.10.8, update to version 14.10.9 or later. For XWiki Platform versions 15.3-rc-1 and earlier, update to version 15.3-rc-1 or later. As a temporary workaround, consider modifying the page XWiki.LiveTableResultsMacros following the provided patch.