CVE-2023-38509
published 2023-11-07
CVE-2023-38509: XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions…
Priority: P421 | Severity: medium | Score: 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
0.66%
47.0th percentile
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and it was still possible to sort by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | >= 3.5 < 14.10.9 | 14.10.9 |
| xwiki | xwiki-platform | — | — |
| xwiki | xwiki-platform | — | — |
OSV
Obfuscated email addresses should not be sorted
osv·2023-07-27
CVE-2023-38509 [MEDIUM] Obfuscated email addresses should not be sorted
## Impact
The mail obfuscation configuration was not fully taken into account and it was still possible to sort by obfuscated emails.
See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps.
## Patches
This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1.
## Workarounds
The workaround is to modify the page XWiki.LiveTableResultsMacros following this [patch](https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c).
## References
- https://jira.xwiki.org/browse/XWIKI-20601
- https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c
## For more information
If you have any questions or comments about this advisory:
- Open an issue in [Jira XWiki.org](https:/
GHSA
Obfuscated email addresses should not be sorted
ghsa·2023-07-27
CVE-2023-38509 [MEDIUM] CWE-402 Obfuscated email addresses should not be sorted
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g
- https://jira.xwiki.org/browse/XWIKI-20601
2023-11-07
Published