EUVD-2023-1738

Malicious code in bioql PyPI...

EUVD-2023-2060

Malicious code in bioql PyPI...

CVE-2023-38509

XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This...

Design/Logic Flaw

XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This...

XWiki Platform Security Vulnerability

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform 3.5-milestone-1 and later versions, which stems from a security vulnerability in the component...

Obfuscated email addresses should not be sorted

Impact The mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps. Patches This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1. Workarounds The workaround is t...

CVE-2023-38509 XWiki Platform's obfuscated email addresses should not be sorted

XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This...

CVE-2023-38509 XWiki Platform's obfuscated email addresses should not be sorted

XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This...

CVE-2023-34467

XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing...

Design/Logic Flaw

XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing...

CVE-2023-35151 XWiki Platform may show email addresses in clear in REST results

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, a...

CVE-2023-35151 XWiki Platform may show email addresses in clear in REST results

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, a...

CVE-2023-35151

CVE-2023-35151 (XWiki Platform) affects XWiki Platform versions 7.3-milestone-1 through 14.4.7, where any user can call a REST endpoint and obtain obfuscated passwords, even if mail obfuscation is enabled. The issue has been patched in 14.4.8, 14.10.6, and 15.1. No public workaround is documented...

CVE-2023-34467 XWiki Platform may retrieve email addresses of all users

XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing...

CVE-2023-34467

The CVE-2023-34467 issue affects XWiki Platform: in versions starting from 3.5-milestone-1 up to but not including 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully enforced. As a result, while user-facing emails could appear obfuscated, the REST responses also expo...

Design/Logic Flaw

XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending...

XWiki Platform 信息泄露漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. An information disclosure vulnerability exists in XWiki Platform version 14.4.8, versions prior to 14.10.4, and versions prior to 15.0-rc-1, which stems from incomplete...

GHSA-7VR7-CGHH-CH63 XWiki Platform may retrieve email addresses of all users

Impact The mail obfuscation configuration was not fully taken into account and while the mail displayed to the end user was obfuscated: - the rest response was also containing the mail unobfuscated - user were able to filter and sort on the unobfuscated allowing to infer the mail content The...