CVE-2023-26473

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-26473

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26473.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-26473

Aliases

GHSA-vpx4-7rfp-h545

Published

2023-03-02T19:15:11Z

Modified

2024-09-02T20:55:30Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.

References

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type: GIT
Repo: https://github.com/xwiki/xwiki-commons
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8d72461ba6976af6005e2df511bdeeeb17ef2d74

Type: GIT
Repo: https://github.com/xwiki/xwiki-platform
Events: Introduced

0667914a5ec125857bf348207ae592f08f869711

Fixed

08e0887f0362b21614e6bfcb5be7e1f568659c41