Vulnerability Description
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xwiki | Xwiki | >= 7.4, < 14.4.8 |
Related Weaknesses (CWE)
References
- https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad (Patch, Vendor Advisory)
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56 (Vendor Advisory)
- https://jira.xwiki.org/browse/XWIKI-16138 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2023-35151?
CVE-2023-35151 is a vulnerability with a CVSS score of 7.5 (HIGH). XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, ev...
How severe is CVE-2023-35151?
CVE-2023-35151 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-35151?
Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.