4 matches found

Prion
added 2023/06/23 4:15 p.m. | 16 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending...

5.5 CVSS | 7.9 AI score | 0.00842 EPSS
Exploits 1 | References 5 | Affected Software 1
Vulnrichment
added 2023/06/23 3:7 p.m. | 7 views

CVE-2023-34465 XWiki Platform's Mail.MailConfig can be edited by any user with edit rights

XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending...

9.9 CVSS | 6.6 AI score | 0.00842 EPSS
Exploits 1 | References 5
CVE
added 2023/06/23 3:7 p.m. | 57 views

CVE-2023-34465

Summary: CVE-2023-34465 affects XWiki Platform. Starting in version 11.8-rc-1 up to 15.2, any logged-in user could edit the Mail.MailConfig page, allowing alteration of mail obfuscation and the mail delivery configuration, including SMTP domain and credentials. This represents a potential impact...

9.9 CVSS | 8.8 AI score | 0.00842 EPSS
Exploits 1 | References 5 | Affected Software 1
Github Security Blog
added 2023/06/20 4:44 p.m. | 21 views

XWiki Platform's Mail.MailConfig can be edited by any user with edit rights

Impact: Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can:
- change the mail obfuscation configuration
- view and edit the mail sending configuration, including the smtp domain name and credentials.

Patches: The problem has been patched on XWiki 14.4.8, 15.1, an...

9.9 CVSS | 6.7 AI score | 0.00842 EPSS
Exploits 1 | References 7 | Affected Software 1