What is the severity of CVE-2022-23619?

CVE-2022-23619 has a moderate severity level due to its potential for user enumeration through the password reset functionality.

How does CVE-2022-23619 affect user privacy?

CVE-2022-23619 allows attackers to infer whether a specific user account exists on a closed wiki, compromising user privacy.

What versions of XWiki are affected by CVE-2022-23619?

CVE-2022-23619 affects XWiki versions below 12.10.9 and versions between 13.0 and 13.6, inclusive.

How can I mitigate CVE-2022-23619?

To mitigate CVE-2022-23619, it is recommended to update XWiki to a version that includes the fix, specifically 12.10.9 or higher.

Is there a recommended action for administrators regarding CVE-2022-23619?

Administrators should immediately upgrade their XWiki installations to a non-vulnerable version to prevent account enumeration attacks.

Vulnerability/
CVE-2022-23619

high

7.5

CWE

640 200

9/2/2022

3/8/2024

CVE-2022-23619: Information exposure in xwiki-platform

First published: Wed Feb 09 2022(Updated: )

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised yo update. There are no known workarounds for this issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Xwiki	<12.10.9
Xwiki	>=13.0<=13.4
Xwiki	>=13.4.2<=13.6

Remedy

https://github.com/xwiki/xwiki-platform/commit/d8a3cce48e0ac1a0f4a3cea7a19747382d9c9494

Remedy

https://jira.xwiki.org/browse/XWIKI-18787

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-23619?
CVE-2022-23619 has a moderate severity level due to its potential for user enumeration through the password reset functionality.
How does CVE-2022-23619 affect user privacy?
CVE-2022-23619 allows attackers to infer whether a specific user account exists on a closed wiki, compromising user privacy.
What versions of XWiki are affected by CVE-2022-23619?
CVE-2022-23619 affects XWiki versions below 12.10.9 and versions between 13.0 and 13.6, inclusive.
How can I mitigate CVE-2022-23619?
To mitigate CVE-2022-23619, it is recommended to update XWiki to a version that includes the fix, specifically 12.10.9 or higher.
Is there a recommended action for administrators regarding CVE-2022-23619?
Administrators should immediately upgrade their XWiki installations to a non-vulnerable version to prevent account enumeration attacks.

agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/author
agent/severity
agent/references
agent/weakness
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/xwiki
canonical/xwiki
version/xwiki/13.0
version/xwiki/13.4
version/xwiki/13.4.2
version/xwiki/13.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.