CVE-2023-34467

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jun 23, 2023

Updated: Jun 30, 2023

CWE ID 402

CWE ID 668

Summary

CVE-2023-34467 affects the XWiki Platform, a widely-used wiki solution. Prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation feature had a limitation. Although the displayed mail to the end user was obfuscated, the unobfuscated version was still sent in the server's response. This issue allowed users to filter and sort on the unobfuscated mail content, ultimately revealing the actual email addresses, potentially putting user privacy at risk. This vulnerability has been addressed and patched in the specified versions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Xwiki

Affected Vendors

xwiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rt11_7
https://www.cve.org/CVERecord?id=CVE-2023-34467
https://nvd.nist.gov/vuln/detail/CVE-2023-34467

Back to Vulnerability Database