XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to
WikisLiveTableResultsMacros. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on
All versions starting from 3.2-m3 before 13.4.4, all versions starting from 13.5.0 before 13.10.9, all versions starting from 14.0.0 before 14.7-rc-1
Upgrade to versions 13.4.4, 13.10.9, 14.7-rc-1 or above. Note: 14.7-rc-1 may be an unstable version. Use caution.