Lucene search
PRIOn knowledge basePRION:CVE-2023-50719HistoryDec 15, 2023 - 7:15 p.m.
Default credentials
2023-12-1519:15:00
PRIOn knowledge base
www.prio-n.com
4
xwiki
platform
vulnerability
disclosure
solr-based search
password hashes
user profiles
api keys
plaintext disclosure
patch
nvd
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren’t accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.
Related
cvelist
cvelist
cve
cve
CVE-2023-50719
2023-12-15 19:15:09
osv
osv
CVE-2023-50719
2023-12-15 19:15:09
Solr search discloses password hashes of all users
2023-12-16 00:03:54
nvd
nvd
CVE-2023-50719
2023-12-15 19:15:09
nuclei
nuclei
XWiki < 4.10.15 - Sensitive Information Disclosure
2024-06-18 10:34:34
github
github
Solr search discloses password hashes of all users
2023-12-16 00:03:54