CVE-2023-29203

CVSS V2 None CVSS V3 None

Description

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from main wiki. Note that the disclosed information are the username and the first and last name of users, no other information is leaked. The problem has been patched on XWiki 13.10.8, 14.4.3 and 14.7RC1.

Overview

CVE ID
CVE-2023-29203

Assigner
security-advisories@github.com

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-15T16:15:07

Last Modified Date
2023-04-17T13:12:43

Weakness Enumerations

CWE	URL
CWE-359	http://cwe.mitre.org/data/definitions/359.html

References

Reference URL	Reference Tags
https://github.com/xwiki/xwiki-platform/pull/1883
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vvp7-r422-rx83
https://jira.xwiki.org/browse/XWIKI-20007

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-29203
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29203

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 04:47:07				Added to TrackCVE
2023-04-17 04:47:11			Weakness Enumeration	new
2023-04-17 14:01:14		2023-04-17T13:12:43	CVE Modified Date	updated
2023-04-17 14:01:14	Received	Awaiting Analysis	Vulnerability Status	updated
2023-04-20 15:00:59	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated