2 matches found
CVE-2023-35151
CVE-2023-35151 (XWiki Platform) affects XWiki Platform versions 7.3-milestone-1 through 14.4.7, where any user can call a REST endpoint and obtain obfuscated passwords, even if mail obfuscation is enabled. The issue has been patched in 14.4.8, 14.10.6, and 15.1. No public workaround is documented...
CVE-2023-35151 XWiki Platform may show email addresses in clear in REST results
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, a...