XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
{
"cwe_ids": [
"CWE-359"
],
"cna_assigner": "GitHub_M",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/35xxx/CVE-2023-35151.json"
}{
"versions": [
{
"introduced": "7.3-milestone-1"
},
{
"fixed": "14.4.8"
}
]
}