CVE-2023-48241 XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service

🗓️ 20 Nov 2023 17:58:54Reported by GitHub_MType

XWiki Solr-based search suggestion provider vulnerability

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the XWiki platform, caused by deficiencies in the authentication process, allows unauthorized users to gain access to protected information.	14 Feb 202400:00	–	bdu_fstec
CNNVD	XWiki Platform Security Vulnerability	20 Nov 202300:00	–	cnnvd
CVE	CVE-2023-48241	20 Nov 202317:58	–	cve
Github Security Blog	Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service	20 Nov 202321:00	–	github
Nuclei	XWiki < 4.10.15 - Information Disclosure	16 Jun 202607:13	–	nuclei
NVD	CVE-2023-48241	20 Nov 202318:15	–	nvd
OpenVAS	XWiki 6.3 < 14.10.15, 15.x < 15.5.1 Information Disclosure Vulnerability (GHSA-7fqr-97j7-jgf4)	26 Dec 202300:00	–	openvas
OSV	CVE-2023-48241 XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service	20 Nov 202317:58	–	osv
OSV	GHSA-7FQR-97J7-JGF4 Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service	20 Nov 202321:00	–	osv
Prion	Information disclosure	20 Nov 202318:15	–	prion

[
  {
    "vendor": "xwiki",
    "product": "xwiki-platform",
    "versions": [
      {
        "version": ">= 6.3-milestone-2, < 14.10.15",
        "status": "affected"
      },
      {
        "version": ">= 15.0-rc-1, < 15.5.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/xwiki/xwiki-platform/commit/93b8ec702d7075f0f5794bb05dfb651382596764
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-7fqr-97j7-jgf4
jira	www.jira.xwiki.org/browse/XWIKI-21138

20 Nov 2023 17:58Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.5

EPSS0.7282

CWE-285