CVE-2023-38509

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 7, 2023

Updated: Mar 18, 2024

CWE ID 402

Summary

CVE-2023-38509 affects the XWiki Platform, a generic wiki solution. Prior to XWiki versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not properly implemented in the xwiki-platform-livetable-ui module, allowing obfuscated emails to bypass this security feature. This vulnerability has been addressed in XWiki versions 14.10.9 and 15.3-rc-1. As a temporary solution, users can modify the `XWiki.LiveTableResultsMacros` page according to the patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Xwiki

Affected Vendors

xwiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sCSYbl
https://www.cve.org/CVERecord?id=CVE-2023-38509
https://nvd.nist.gov/vuln/detail/CVE-2023-38509

Back to Vulnerability Database