Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-29203
HistoryApr 15, 2023 - 4:15 p.m.

Design/Logic Flaw

2023-04-1516:15:00
PRIOn knowledge base
www.prio-n.com
1
design flaw
logic flaw
xwiki commons
user privacy
patched issue
information disclosure

0.001 Low

EPSS

Percentile

32.7%

JSON

XWiki Commons are technical libraries common to several other top level XWiki projects. It’s possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main wiki. Note that the disclosed information are the username and the first and last name of users, no other information is leaked. The problem has been patched on XWiki 13.10.8, 14.4.3 and 14.7RC1.

Related

osv 2
github 1
openvas 1
cve 1
cvelist 1
nvd 1
osv
osv
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
2023-04-12 20:40:00
CVE-2023-29203
2023-04-15 16:15:07
github
github
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
2023-04-12 20:40:00
openvas
openvas
XWiki 13.9-rc-1 < 13.10.8, 14.x < 14.4.3, 14.5.x < 14.7-rc-1 Information Disclosure Vulnerability (GHSA-vvp7-r422-rx83)
2023-04-26 00:00:00
cve
cve
CVE-2023-29203
2023-04-15 16:15:07
cvelist
cvelist
CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
2023-04-15 15:17:46
nvd
nvd
CVE-2023-29203
2023-04-15 16:15:07

0.001 Low

EPSS

Percentile

32.7%

JSON
Related for PRION:CVE-2023-29203
osv2github1openvas1cve1cvelist1nvd1