Lucene search

Solr search discloses password hashes of all users

🗓️ 16 Dec 2023 00:54:03Reported by GoogleType

osv🔗 osv.dev👁 28 Views

Solr search exposes user password hashes to unauthorized users, XWiki vulnerability CVE-2022-41933

Reporter	Title	Published	Views	Family All 19
Github Security Blog	Solr search discloses password hashes of all users	16 Dec 202300:03	–	github
Github Security Blog	Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default	21 Nov 202222:37	–	github
CNVD	XWiki Platform Information Disclosure Vulnerability	25 Nov 202200:00	–	cnvd
Cvelist	CVE-2023-50719 XWiki Platform Solr search discloses password hashes of all users	15 Dec 202319:02	–	cvelist
Cvelist	CVE-2022-41933 Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default	23 Nov 202200:00	–	cvelist
Vulnrichment	CVE-2023-50719 XWiki Platform Solr search discloses password hashes of all users	15 Dec 202319:02	–	vulnrichment
Prion	Default credentials	15 Dec 202319:15	–	prion
Prion	Default credentials	23 Nov 202221:15	–	prion
CVE	CVE-2022-41933	23 Nov 202221:15	–	cve
CVE	CVE-2023-50719	15 Dec 202319:15	–	cve

Source	Link
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-50719
github	www.github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
github	www.github.com/xwiki/xwiki-platform
jira	www.jira.xwiki.org/browse/XWIKI-21208

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Dec 2023 00:03Current

7High risk

Vulners AI Score7

CVSS37.5

EPSS0.36369

SSVC