CVE-2023-38509

Summary

XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page XWiki.LiveTableResultsMacros following the patch.

Affected Software

VendorProductVersion RangeStatus
xwikixwiki-platform>= 3.5-milestone-1, < 14.10.9affected
xwikixwiki-platform>= 15.0, < 15.3-rc-1affected

Weaknesses

  • CWE-402: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

ADP Enrichment

CVE Program Container

Additional References

References