1. Home
  2. Vulnerabilities
  3. CVE-2023-34466

CVE-2023-34466

CVSS v3.1 4.3 (Medium)
43% Progress
EPSS 0.05 % (22th)
0.05% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2023-06-23 16:15:09
(15 months ago)
Updated Date
2023-06-30 13:13:28
(14 months ago)

Affected Products

Xwiki

Configuration #1

    CPE23 From Up To
  Xwiki from 5.0.1 version and prior 14.4.8 version cpe:2.3:a:xwiki:xwiki >= 5.0.1 < 14.4.8
  Xwiki from 14.10 version and prior 14.10.4 version cpe:2.3:a:xwiki:xwiki >= 14.10 < 14.10.4
  Xwiki 5.0 Milestone1 cpe:2.3:a:xwiki:xwiki:5.0:milestone1