CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...

XWiki Commons 安全漏洞

XWiki Commons is a technology library shared by several other top XWiki projects. There is a security vulnerability in XWiki Commons, which stems from the fact that it is possible to list users that are not normally viewable from the subwiki by requesting the users on the subwiki, which is only...

GHSA-VVP7-R422-RX83 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

Impact It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main wiki. Note that the disclosed information are the username and the first and last...

Unauthenticated user can retrieve the list of users through uorgsuggest.vm

A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem...