GHSA-5cf8-vrr8-8hjm, CVE-2023-26476
maven/org.xwiki.platform/xwiki-platform-wiki-ui-mainwiki
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to LiveTableResults and WikisLiveTableResultsMacros. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on LiveTableResults and WikisLiveTableResultsMacros.
All versions starting from 3.2-m3 before 13.4.4, all versions starting from 13.5.0 before 13.10.9, all versions starting from 14.0.0 before 14.7-rc-1
Upgrade to versions 13.4.4, 13.10.9, 14.7-rc-1 or above. Note: 14.7-rc-1 may be an unstable version. Use caution.
2023-03-06