Advisories for Maven/Org.xwiki.contrib.changerequest/Application-Changerequest-Default package

2023

Insufficiently Protected Credentials

XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain password hash of users by performing an edit on the user profiles and then downloading the XML file that has …