CVE-2023-50719 – XWiki Platform Solr search discloses password hashes of all users
https://notcve.org/view.php?id=CVE-2023-50719
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. The vulnerability also affects any configuration objects used by extensions that contain passwords or API keys, as long as the attacker can view the documents holding them. Normally such password properties are not readable through the UI, but the search index discloses their stored values as plain text. • https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh https://jira.xwiki.org/browse/XWIKI-21208 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVE-2023-50720 – XWiki Platform Solr search discloses email addresses of users
https://notcve.org/view.php?id=CVE-2023-50720
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7-rc-1 by no longer indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. • https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283 https://jira.xwiki.org/browse/XWIKI-20371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-49280 – Data leak of password hash through xwiki change request
https://notcve.org/view.php?id=CVE-2023-49280
XWiki Change Request is an XWiki application for requesting changes to a wiki without publishing them directly. By default, Change Request allows editing any page, and the proposed changes are then exported to an XML file that anyone can download. An attacker can therefore obtain users' password hashes by editing user profile pages through a change request and then downloading the generated XML file. The same applies to any document containing a password field that the user is allowed to view. This vulnerability affects all versions of Change Request, but its impact depends on the rights configured on the wiki, since the attacker needs the Change Request right (granted by default) and view rights on the targeted page. This issue cannot be easily exploited in an automated way. • https://github.com/xwiki-contrib/application-changerequest/commit/ff0f5368ea04f0e4aa7b33821c707dc68a8c5ca8 https://github.com/xwiki-contrib/application-changerequest/security/advisories/GHSA-2fr7-cc7p-p45q https://jira.xwiki.org/browse/CRAPP-302 • CWE-522: Insufficiently Protected Credentials •
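The three entries above (CVE-2023-50719, CVE-2023-50720 and CVE-2023-49280) share one root cause: a secondary store derived from the wiki documents (the Solr index in the first two, a downloadable XML export in the third) copies object properties verbatim, including password hashes, obfuscated email addresses and extension API keys, and that store is readable under weaker access control than the properties themselves. The following Python is an added illustration written for this page; it is not XWiki's or Change Request's own code. It models the fix pattern in both places with one sensitivity check: password-typed and secret-named properties are never written to the index or the export, and email properties are dropped from the index whenever obfuscation is on. The class names, property names and sample values are constructed for the example.

```python
"""Illustrative (not XWiki's own code): keep secret-bearing object
properties out of secondary stores such as a search index or an XML
export. Models the fix pattern behind CVE-2023-50719/-50720 (Solr index)
and CVE-2023-49280 (Change Request XML export).
"""
from __future__ import annotations
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Assumed classification rules: property types and name fragments that
# mark a value as a secret. Adjust to the real class definitions of an
# instance (these are modelled on a users class and an extension config).
SECRET_TYPES = {"Password"}
SECRET_NAME_HINTS = ("password", "passwd", "secret", "apikey", "api_key", "token")
PII_NAMES_WHEN_OBFUSCATED = {"email"}


@dataclass
class Property:
    name: str
    type: str          # e.g. "String", "Password", "Email", "TextArea"
    value: str


@dataclass
class XObject:
    class_name: str    # e.g. "XWiki.XWikiUsers" (assumed naming)
    properties: list[Property] = field(default_factory=list)


def is_sensitive(prop: Property, obfuscate_email: bool) -> bool:
    """True if the property must not leave the primary document store."""
    if prop.type in SECRET_TYPES:
        return True
    lname = prop.name.lower()
    if any(hint in lname for hint in SECRET_NAME_HINTS):
        return True
    if obfuscate_email and (prop.type == "Email" or lname in PII_NAMES_WHEN_OBFUSCATED):
        return True
    return False


def build_index_fields(objects: list[XObject], obfuscate_email: bool = True) -> dict:
    """Field map handed to the search index. The vulnerable behaviour put
    every property into a catch-all 'objcontent' field, which is why
    objcontent:email* or objcontent:password* returned hits; here
    sensitive properties are skipped before anything is indexed."""
    fields: dict = {}
    for obj in objects:
        for prop in obj.properties:
            if is_sensitive(prop, obfuscate_email):
                continue
            fields[f"property.{obj.class_name}.{prop.name}"] = prop.value
            fields.setdefault("objcontent", []).append(f"{prop.name}:{prop.value}")
    return fields


def export_xml(objects: list[XObject], obfuscate_email: bool = True) -> str:
    """Serialise objects for a downloadable export. Secrets are replaced by
    a marker rather than dropped, so the document structure survives a
    later re-import while the value never reaches the download."""
    root = ET.Element("xwikidoc")
    for obj in objects:
        o = ET.SubElement(root, "object")
        ET.SubElement(o, "className").text = obj.class_name
        for prop in obj.properties:
            p = ET.SubElement(o, "property")
            e = ET.SubElement(p, prop.name)
            e.text = "[REDACTED]" if is_sensitive(prop, obfuscate_email) else prop.value
    return ET.tostring(root, encoding="unicode")


def leaked_values(text: str, objects: list[XObject], obfuscate_email: bool = True) -> list[str]:
    """Check helper: which sensitive values appear verbatim in `text`."""
    return [p.value for o in objects for p in o.properties
            if is_sensitive(p, obfuscate_email) and p.value in text]


# Constructed sample data; none of these are real credentials.
SAMPLE_OBJECTS = [
    XObject("XWiki.XWikiUsers", [
        Property("first_name", "String", "Alice"),
        Property("email", "Email", "alice@example.org"),
        Property("password", "Password", "hash:SHA-512:abc123"),
    ]),
    XObject("Ext.ServiceConfig", [
        Property("endpoint", "String", "https://api.example.org"),
        Property("apiKey", "String", "k-0000-sample"),
    ]),
]

if __name__ == "__main__":
    idx = build_index_fields(SAMPLE_OBJECTS)
    print(idx)
    print(export_xml(SAMPLE_OBJECTS))
    print("secrets leaked into index:", leaked_values(str(idx), SAMPLE_OBJECTS))
```

`leaked_values` is the check a practitioner would run after upgrading: feed it the raw text of a search result page or a downloaded change-request XML and the list of properties you expect to be protected, and it reports any value that still appears verbatim. Note that the check is string-based, so it only catches verbatim copies, not values that were re-encoded on the way out.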
CVE-2023-48293 – XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries
https://notcve.org/view.php?id=CVE-2023-48293
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the Query on XWiki tool allows executing arbitrary database queries against the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be used both to damage the wiki and to create an account with elevated privileges for the attacker, thus impacting the confidentiality, integrity and availability of the whole XWiki instance. A possible attack vector is comments on the wiki, by embedding an image with wiki syntax like `[[image:path:/xwiki/bin/view/Admin/QueryOnXWiki? • https://github.com/xwiki-contrib/application-admintools/commit/45298b4fbcafba6914537dcdd798a1e1385f9e46 https://github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-4f4c-rhjv-4wgv https://jira.xwiki.org/browse/ADMINTOOL-92 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-48292 – XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks
https://notcve.org/view.php?id=CVE-2023-48292
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross-site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading a URL that carries the shell command. A very simple attack possibility is comments: when the attacker can leave a comment on any page in the wiki, it is sufficient to include an image with a URL like `/xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked` in the comment. Whenever an admin views that page, the browser fetches the image URL with the admin's session cookies and the command runs. • https://github.com/xwiki-contrib/application-admintools/commit/03815c505c9f37006a0c56495e862dc549a39da8 https://github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-8jpr-ff92-hpf9 https://jira.xwiki.org/browse/ADMINTOOL-91 • CWE-352: Cross-Site Request Forgery (CSRF) •
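Both Admin Tools entries (CVE-2023-48293 and CVE-2023-48292) have the same shape: a tool page performs its action on a plain GET that carries the action as a query parameter, so any URL an admin's browser is made to load, such as an image embedded in a comment, triggers it with the admin's session. The following Python is an added detection example written for this page, not code from the Admin Tools application. It scans web-server access logs for a GET to either tool page that already carries its action parameter and whose Referer is a different wiki page (the footprint of the image-embed vector), and reports the decoded payload. The log lines are constructed; the `/xwiki` context path and the `command` parameter come from the advisory text, while the `query` parameter name for QueryOnXWiki is an assumption, since the advisory's example URL is truncated.

```python
"""Illustrative detection (not part of the Admin Tools application):
flag access-log entries matching the CSRF pattern of CVE-2023-48292 and
CVE-2023-48293: a GET to the RunShellCommand or QueryOnXWiki page that
already carries its action parameter, referred from another wiki page.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format as written by Apache httpd / nginx by default.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Tool page -> query parameter that triggers the action.
# 'command' is from the advisory; 'query' is an assumption.
WATCHED = {
    "/xwiki/bin/view/Admin/RunShellCommand": "command",
    "/xwiki/bin/view/Admin/QueryOnXWiki": "query",
}


def analyse_line(line: str):
    """Return a record for requests to a watched tool page that carry the
    action parameter, or None for everything else (including an admin
    merely opening the tool's form without a parameter)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["path"])
    param = WATCHED.get(url.path)
    if param is None:
        return None
    qs = parse_qs(url.query)          # parse_qs percent-decodes values
    if param not in qs:
        return None
    referer_path = urlsplit(m["referer"]).path
    # A form submission from the tool page itself would carry that page as
    # Referer. A GET with the action parameter referred from some other
    # page (or with no Referer) is what an embedded image produces.
    cross_page = referer_path != url.path
    return {
        "ts": m["ts"], "ip": m["ip"], "user": m["user"],
        "endpoint": url.path, "method": m["method"],
        "payload": qs[param][0], "referer": m["referer"],
        "suspicious": m["method"] == "GET" and cross_page,
    }


def find_csrf_hits(lines):
    """All suspicious records, in log order."""
    hits = []
    for line in lines:
        rec = analyse_line(line)
        if rec and rec["suspicious"]:
            hits.append(rec)
    return hits


# Constructed sample log (not from a real incident). The admin first opens
# the tool normally, then views a Sandbox page whose comment embeds the
# attacker's image URLs, which the browser fetches with the admin session.
SAMPLE_LOG = [
    '10.0.0.5 - admin [02/Dec/2023:10:00:01 +0000] "GET /xwiki/bin/view/Admin/RunShellCommand HTTP/1.1" 200 1234 "https://wiki.example.org/xwiki/bin/view/Admin/" "Mozilla/5.0"',
    '10.0.0.5 - admin [02/Dec/2023:10:00:02 +0000] "GET /xwiki/bin/view/Sandbox/WebHome HTTP/1.1" 200 5678 "-" "Mozilla/5.0"',
    '10.0.0.5 - admin [02/Dec/2023:10:00:02 +0000] "GET /xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked HTTP/1.1" 200 321 "https://wiki.example.org/xwiki/bin/view/Sandbox/WebHome" "Mozilla/5.0"',
    '10.0.0.5 - admin [02/Dec/2023:10:00:03 +0000] "GET /xwiki/bin/view/Admin/QueryOnXWiki?query=delete%20from%20xwikidoc HTTP/1.1" 200 321 "https://wiki.example.org/xwiki/bin/view/Sandbox/WebHome" "Mozilla/5.0"',
    '10.0.0.9 - - [02/Dec/2023:10:00:04 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 999 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for h in find_csrf_hits(SAMPLE_LOG):
        print(f'{h["ts"]} {h["user"]}@{h["ip"]} {h["endpoint"]} <- {h["referer"]}: {h["payload"]!r}')
```

The Referer heuristic is deliberately loose: browsers may strip or trim the Referer, so an empty value is also treated as cross-page, and an attacker can host the image on a page whose path you would not expect. Treat any hit on these endpoints carrying a payload as worth a look, and pair the search with the structural fix implied by the advisories: the action must require a POST that carries an anti-CSRF token the server validates, so that a bare URL loaded by an image tag can no longer execute anything.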