CVE-2023-35151

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jun 23, 2023

Updated: Jun 30, 2023

CWE ID 359

CWE ID 668

Summary

CVE-2023-35151: XWiki Platform's REST vulnerability, impacting versions 7.3-milestone-1 and earlier up to 15.1, allows any user to retrieve obfuscated passwords via a REST endpoint, bypassing password protection even when mail obfuscation is activated. This issue has been addressed in versions 14.4.8, 14.10.6, and 15.1, with no known workarounds available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Xwiki

Affected Vendors

xwiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rt3gNJ
https://www.cve.org/CVERecord?id=CVE-2023-35151
https://nvd.nist.gov/vuln/detail/CVE-2023-35151

Back to Vulnerability Database