Xwiki
CVE-2023-34466
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
AnalysisAI
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. Affected products include: Xwiki. Version information: version 5.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
XWiki Platform allows unauthenticated remote code execution through the SolrSearch endpoint, enabling guests to execute
XWiki Platform prior to specific patched versions contains a CVSS 10.0 remote code execution vulnerability through the u
XWiki is a generic wiki platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no aut
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical
XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitabl
XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitabl
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical
XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitabl
A remote code execution vulnerability in XWiki (CVSS 8.8). Risk factors: public PoC available. Vendor patch is available
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical
XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today