XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch.
References
| Link | Resource |
|---|---|
| https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0 | |
| https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c | Patch |
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g | Third Party Advisory |
| https://jira.xwiki.org/browse/XWIKI-20601 | Exploit Issue Tracking Vendor Advisory |
Configurations
History
18 Mar 2024, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
14 Nov 2023, 18:44
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c - Patch | |
| References | () https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g - Third Party Advisory | |
| References | () ttps://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0 - Broken Link | |
| References | () https://jira.xwiki.org/browse/XWIKI-20601 - Exploit, Issue Tracking, Vendor Advisory | |
| CPE | cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
| First Time |
Xwiki
Xwiki xwiki |
07 Nov 2023, 12:14
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-07 04:17
Updated : 2024-03-18 18:15
NVD link : CVE-2023-38509
Mitre link : CVE-2023-38509
CVE.ORG link : CVE-2023-38509
JSON object : View
Products Affected
xwiki
- xwiki
CWE
CWE-402
Transmission of Private Resources into a New Sphere ('Resource Leak')