CVE-2023-50719

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-50719
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50719.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-50719
Aliases
Published
2023-12-15T19:02:40Z
Modified
2025-11-08T12:15:08.895834Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
XWiki Platform Solr search discloses password hashes of all users
Details

XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. The vulnerability also affects any configuration used by extensions that stores passwords or similar secrets, such as API keys, in a document the attacker can view. Normally, such passwords are not accessible, but this vulnerability discloses them in plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. Upgrading stops further disclosure but does not protect hashes or secrets that were already exposed, so password resets and rotation of affected API keys should be considered after patching.

Database specific
{
    "cwe_ids": [
        "CWE-200",
        "CWE-359"
    ]
}
References

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-commons
Events

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

xwiki-application-calendar-1.*

xwiki-application-calendar-1.0

xwiki-platform-7.*

xwiki-platform-7.3-milestone-2
xwiki-platform-7.4-milestone-1
xwiki-platform-7.4-milestone-2

xwiki-platform-8.*

xwiki-platform-8.0-milestone-1
xwiki-platform-8.0-milestone-2
xwiki-platform-8.1-milestone-1
xwiki-platform-8.1-milestone-2
xwiki-platform-8.2-milestone-1
xwiki-platform-8.2-milestone-2
xwiki-platform-8.3-milestone-1

xwiki-platform-9.*

xwiki-platform-9.9-rc-2

xwiki-plugin-tag-1.*

xwiki-plugin-tag-1.1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "93925105306968018685796690826450325125",
            "length": 1084.0
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/main/java/org/xwiki/search/solr/internal/metadata/AbstractSolrMetadataExtractor.java",
            "function": "setPropertyValue"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-15b720ec",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "265315977861434662249757198221642710887",
                "127531877473791471874437065679737062069",
                "336229106330572085247908967926095848811",
                "199867691789199289463853094036913287048",
                "163053014790463644093641806659738991834",
                "152644163725477781810359785725693452999",
                "110601429417761692597725382384361198233",
                "318847731677152389716702296473430929513",
                "257253159900104146714479480866998577969",
                "28366290763257505047790626095228019650",
                "329675119135716672735158647862013330460",
                "105898999069018783585981867057960165568",
                "232087373398601055330610000862208590475",
                "100596179057007799919243982773280895169",
                "68967667371333273998206850358021275720",
                "297030888110514751968244791471089724544",
                "141039190547219707115745700384114302779",
                "317314858867781235854680072503854585567",
                "190293120834680813456262211992816779794"
            ]
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/test/java/org/xwiki/search/solr/internal/metadata/DocumentSolrMetadataExtractorTest.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-2f96ea5c",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "299823867607376162175301875065690942595",
                "314486706748319290433557032833449698939",
                "30755601289292914168740099282806122203",
                "26163945303880051274495443711125574021",
                "11415685919322775808658183510903363044",
                "55146850148178014854661597188507682437",
                "122634211842460692261973302289138313209",
                "197417120404920697118250151303506644065",
                "78562742928823697900538997012224827142",
                "339695036289227027320622028935915061896",
                "16252902414201523889200621441004486251",
                "274049668350858680659430872324583291403",
                "117390990404906448715887869288250146855",
                "208401663225964169880698102696125944506",
                "323214536951524190230325404748132262439"
            ]
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/main/java/org/xwiki/search/solr/internal/metadata/ObjectPropertySolrMetadataExtractor.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-46489249",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "299751476019983532201065731183301022320",
            "length": 425.0
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/main/java/org/xwiki/search/solr/internal/metadata/ObjectPropertySolrMetadataExtractor.java",
            "function": "setLocaleAndContentFields"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-4b4a0a6f",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "263043394465742512770503705341864171247",
                "226863170005305233291543138156170185055",
                "95184679403228769266038732514291479664",
                "107720146877882706049186488963233406056",
                "263750742874281092023007429806969386863",
                "87378351220037572677396872726610202462",
                "82166424658830968365601659696015701784",
                "202535316181820502267467261876246470670"
            ]
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/test/java/org/xwiki/search/solr/internal/SolrIndexEventListenerTest.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-58cdc2bb",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "314762043063645579730006846323692979604",
                "232259619262325037092033979136610545149",
                "18186187978777062107295926483208131514",
                "168666102803661187874815269259218458101",
                "244433130957329346093485316328794646034",
                "334172952875971223023978684405070362394",
                "105898999069018783585981867057960165568",
                "107265595692675328621451625632024594065",
                "285297581465331383430790256092103533598",
                "108744419183721705904878629332784925074",
                "43019344611420018634143774643727408788",
                "290928794401884980915113713629279421999",
                "7394113026278867694575649171134223729",
                "246896427852618457622654829528427270825",
                "300420741494469143393930343646814065740",
                "609333286846143080231355827943808219",
                "89722914977796182060449493233407803182",
                "304350775709413720881554595554374057963",
                "64442638133311408244842729302269840222",
                "54065552592630792169088518989647984858",
                "333982129199306325552071994547871961956",
                "87208457336784995805036642717559052878",
                "89468874525341310365663353762544654994",
                "149372401639728422116797449682913815050",
                "296137067124743726835374298140145827554",
                "21774944836655017329778889241564096619",
                "263921637668408390095492200835599596894"
            ]
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/main/java/org/xwiki/search/solr/internal/metadata/AbstractSolrMetadataExtractor.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-90f5d943",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "329755099869889152892142950720827313254",
                "140008528679743791172426670057393647409",
                "292243806470744605257650172331301541859",
                "243912641499883403742434567622571001508",
                "88592189257998789612147812698058288617",
                "258596029164901990716748652172429245644",
                "173473773826527917381662494160712112189",
                "270919452663703670179616894441350977051",
                "312778157313364292598377841839571564910",
                "300305898722809860543308677225631544990",
                "27319966468381133470141891607043613682",
                "218144962608629338023320755369423267521",
                "339245511567041079536986167609467248328",
                "160576589889276529133733734566580470228",
                "98113804474049697831912514216057646890",
                "43012969654864530540131913807351320038",
                "211744646286884270535461414077092925543",
                "36942921971025238513273098266618344969"
            ]
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/main/java/org/xwiki/search/solr/internal/DefaultSolrIndexer.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-cf3ccdf8",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "286704408812193713555176339986612863664",
            "length": 2229.0
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/main/java/org/xwiki/search/solr/internal/SolrIndexEventListener.java",
            "function": "onEvent"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-d3ecede0",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "49489471125462577435426582226572562204",
                "58273406057391144471475943813626309676"
            ]
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-mail/xwiki-platform-mail-general/src/main/java/org/xwiki/mail/internal/configuration/AbstractGeneralMailConfigClassDocumentConfigurationSource.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-d72f6c8e",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "117972276871871338077664540512968773359",
                "34443284224708894660608577848831218115",
                "164404014996171934465140988484671909068",
                "299483188273102799867657552779178633892"
            ]
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/main/java/org/xwiki/search/solr/internal/metadata/DocumentSolrMetadataExtractor.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-d78cfd45",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250545146946727408911158593676548411874",
                "17035550666507998441718449232569178019",
                "133481589671714298262829031034394375422",
                "250742066319907204521173033715781239755",
                "289864308541214954313716087068974068558",
                "62603864676086790294175842232911008385",
                "115080531816747416912936042660288695349",
                "168889008103260262432596022703616025804",
                "172335536189705372043975574724399835982",
                "325451447056143551853666500203328032288",
                "8045837913014279087055954203676228952",
                "177037064404081652384504734801119758088"
            ]
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/main/java/org/xwiki/search/solr/internal/SolrIndexEventListener.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-da8c7316",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "222505051336350433685342887463931621163",
            "length": 236.0
        },
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-api/src/main/java/org/xwiki/search/solr/internal/DefaultSolrIndexer.java",
            "function": "getSolrDocument"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
        "id": "CVE-2023-50719-df186914",
        "deprecated": false,
        "signature_version": "v1"
    }
]