CVE-2023-34466

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jun 23, 2023

Updated: Jun 30, 2023

CWE ID 200

Summary

CVE-2023-34466 is a vulnerability affecting the XWiki Platform, a generic wiki offering runtime services for applications. In versions 5.0-milestone-1 and earlier, the tags API leaks information about tags from pages that are not accessible to the current user. This disclosure can be exploited to infer the document references of non-viewable pages. This issue has been addressed in XWiki versions 14.4.8, 14.10.4, and 15.0-rc-1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Xwiki

Affected Vendors

xwiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rt4FP2
https://www.cve.org/CVERecord?id=CVE-2023-34466
https://nvd.nist.gov/vuln/detail/CVE-2023-34466

Back to Vulnerability Database