CVE-2023-34466: Infoleak
First published: Fri Jun 23 2023(Updated: )
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xwiki Xwiki | >=5.0.1<14.4.8 | |
| Xwiki Xwiki | >=14.10<14.10.4 | |
| Xwiki Xwiki | =5.0-milestone1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-34466?
CVE-2023-34466 is a vulnerability in XWiki Platform that leaks tags from pages not viewable to the current user.
How severe is CVE-2023-34466?
CVE-2023-34466 has a severity level of medium.
Which versions of XWiki Platform are affected by CVE-2023-34466?
Versions 5.0-milestone-1 to 14.4.8, 14.10.4, and 15.0-rc-1 of XWiki Platform are affected by CVE-2023-34466.
How can I fix CVE-2023-34466?
To fix CVE-2023-34466, you should update XWiki Platform to version 14.4.8, 14.10.4, or 15.0-rc-1.
Where can I find more information about CVE-2023-34466?
More information about CVE-2023-34466 can be found on GitHub and JIRA. Please refer to the provided links.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- vendor/xwiki
- canonical/xwiki xwiki
- version/xwiki xwiki/5.0.1
- version/xwiki xwiki/14.10
- version/xwiki xwiki/5.0-milestone1