CVE-2023-26476

XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor in maven/org.xwiki.platform/xwiki-platform-wiki-ui-mainwiki

Identifiers

GHSA-5cf8-vrr8-8hjm, CVE-2023-26476

Package Slug

maven/org.xwiki.platform/xwiki-platform-wiki-ui-mainwiki

Vulnerability

XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor

Description

XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of password fields through repeated calls to LiveTableResults and WikisLiveTableResultsMacros. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or, on versions >= 3.2M3, by applying the patch manually to LiveTableResults and WikisLiveTableResultsMacros.

Affected Versions

All versions starting from 3.2-m3 before 13.4.4, all versions starting from 13.5.0 before 13.10.9, all versions starting from 14.0.0 before 14.7-rc-1
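
The ranges above mix milestone and release-candidate qualifiers (3.2-m3, 14.7-rc-1), which plain string or numeric comparison orders incorrectly. The following check is an added example, not code from the advisory or from XWiki; it assumes a simplified qualifier ordering (alpha < beta < milestone < rc < snapshot < release) rather than Maven's own comparator, and the function names are hypothetical.

```python
import re
from itertools import zip_longest

# Assumed simplified ordering: pre-release qualifiers sort below the
# plain release, which is represented by 0 when a component is missing.
QUALIFIER_RANK = {"alpha": -5, "a": -5, "beta": -4, "b": -4,
                  "milestone": -3, "m": -3, "rc": -2, "cr": -2,
                  "snapshot": -1}

# Half-open [start, fixed) ranges transcribed from "Affected Versions".
AFFECTED_RANGES = [("3.2-m3", "13.4.4"),
                   ("13.5.0", "13.10.9"),
                   ("14.0.0", "14.7-rc-1")]


def version_key(version):
    """Turn '14.7-rc-1' or '3.2M3' into a list of comparable integers."""
    key = []
    for token in re.findall(r"\d+|[a-z]+", version.lower()):
        if token.isdigit():
            key.append(int(token))
        elif token in QUALIFIER_RANK:
            key.append(QUALIFIER_RANK[token])
        else:
            # Refuse to guess: an unknown qualifier needs manual review.
            raise ValueError(f"unknown qualifier {token!r} in {version!r}")
    if not key:
        raise ValueError(f"no version components in {version!r}")
    return key


def compare(a, b):
    """Return -1, 0 or 1; missing trailing components count as 0."""
    for x, y in zip_longest(version_key(a), version_key(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def is_affected(version):
    """True if the version falls inside any range listed by the advisory."""
    return any(compare(start, version) <= 0 and compare(version, fixed) < 0
               for start, fixed in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample inventory of installed versions.
    for v in ["3.2-m2", "3.2M3", "13.4.4", "13.10.8", "14.7-m1", "14.7-rc-1"]:
        print(f"{v:10} {'AFFECTED' if is_affected(v) else 'not affected'}")
```

A version with a qualifier outside the assumed table raises `ValueError` instead of being silently classified.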

Solution

Upgrade to versions 13.4.4, 13.10.9, 14.7-rc-1 or above. Note: 14.7-rc-1 may be an unstable version. Use caution.

Last Modified

2023-03-06
