5 matches found

BDU FSTEC
added 2023/09/07 12:0 a.m., 5 views

The vulnerability of the Mail.MailConfig component in the XWiki Platform, a platform for creating collaborative web applications, allows a hacker to modify email sending configurations.

The vulnerability of the Mail.MailConfig component in the XWiki platform, a tool for creating collaborative web applications, stems from insecure management of privileges. Exploiting this vulnerability allows an attacker to remotely modify email sending configurations...

CVSS 9.9 | AI score 7.4 | EPSS 0.00853
Exploits: 1 | References: 7 | Affected Software: 1
Prion
added 2023/06/23 4:15 p.m., 24 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending...

CVSS 5.5 | AI score 7.9 | EPSS 0.00853
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2023/06/23 3:7 p.m., 9 views

CVE-2023-34465 XWiki Platform's Mail.MailConfig can be edited by any user with edit rights

XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending...

CVSS 9.9 | AI score 6.6 | EPSS 0.00853
Exploits: 1 | References: 5
CVE
added 2023/06/23 3:7 p.m., 69 views

CVE-2023-34465

Summary: CVE-2023-34465 affects XWiki Platform. Starting in version 11.8-rc-1 up to 15.2, any logged-in user could edit the Mail.MailConfig page, allowing alteration of mail obfuscation and the mail delivery configuration, including SMTP domain and credentials. This represents a potential impact...

CVSS 9.9 | AI score 8.8 | EPSS 0.00853
Exploits: 1 | References: 5 | Affected Software: 1
Github Security Blog
added 2023/06/20 4:44 p.m., 27 views

XWiki Platform's Mail.MailConfig can be edited by any user with edit rights

Impact: Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can:
- change the mail obfuscation configuration
- view and edit the mail sending configuration, including the smtp domain name and credentials.

Patches: The problem has been patched on XWiki 14.4.8, 15.1, an...

CVSS 9.9 | AI score 6.7 | EPSS 0.00853
Exploits: 1 | References: 7 | Affected Software: 1