The vulnerability of the XWiki platform for creating collaborative web applications lies in the lack of protection for administrative data. This allows attackers to disclose information about users’ email addresses.

🗓️ 14 Feb 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

XWiki platform is vulnerable due to unprotected admin and user data, enabling email disclosure.

Reporter	Title	Published	Views	Family All 10
CNNVD	XWiki Platform Information Disclosure Vulnerability	15 Dec 202300:00	–	cnnvd
CVE	CVE-2023-50720	15 Dec 202319:02	–	cve
Cvelist	CVE-2023-50720 XWiki Platform Solr search discloses email addresses of users	15 Dec 202319:02	–	cvelist
Github Security Blog	Solr search discloses email addresses of users	16 Dec 202300:32	–	github
Nuclei	XWiki < 4.10.15 - Email Disclosure	16 Jun 202607:13	–	nuclei
NVD	CVE-2023-50720	15 Dec 202319:15	–	nvd
OSV	CVE-2023-50720 XWiki Platform Solr search discloses email addresses of users	15 Dec 202319:02	–	osv
OSV	GHSA-2GRH-GR37-2283 Solr search discloses email addresses of users	16 Dec 202300:32	–	osv
Prion	Design/Logic Flaw	15 Dec 202319:15	–	prion
RedhatCVE	CVE-2023-50720	9 Jan 202609:29	–	redhatcve

Source	Link
github	www.github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283
jira	www.jira.xwiki.org/browse/XWIKI-20371
web	www.web.nvd.nist.gov/view/vuln/detail

14 Feb 2024 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 25

CVSS 35.3

EPSS0.59119

XWiki platform admin data user data email disclosure