CVE-2023-37910

Summary

CVE-2023-37910 is a vulnerability affecting the XWiki Platform, a wiki solution that offers runtime services for applications. This issue, present in versions prior to 14.4.8, 14.10.4, and 15.0-rc-1, allows an attacker with edit access to any document to move any attachment of another document to their own controlled document. This allows unauthorized access to and potential publication of any known-named attachment, along with deletion from the source document. Upgrading to XWiki versions 14.4.8, 14.10.4, or 15.0-rc-1 addresses the vulnerability, and there is no known workaround aside from upgrading.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.