5 matches found
The vulnerability of the Mail.MailConfig component in the XWiki Platform, a platform for creating collaborative web applications, allows a hacker to modify email sending configurations.
The vulnerability of the Mail.MailConfig component in the XWiki platform, a tool for creating collaborative web applications, stems from insecure management of privileges. Exploiting this vulnerability allows an attacker to remotely modify email sending configurations...
Design/Logic Flaw
XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending...
CVE-2023-34465
Summary : CVE-2023-34465 affects XWiki Platform. Starting in version 11.8-rc-1 up to 15.2, any logged-in user could edit the Mail.MailConfig page, allowing alteration of mail obfuscation and the mail delivery configuration, including SMTP domain and credentials. This represents a potential impact...
CVE-2023-34465 XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending...
XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
Impact Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can: - change the mail obfuscation configuration - view and edit the mail sending configuration, including the smtp domain name and credentials. Patches The problem has been patched on XWiki 14.4.8, 15.1, an...