CVE-2023-50719
published 2023-12-15

Priority: P2 · 76 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 83.55% (99.6th percentile)

XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.

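Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | | |
| xwiki | xwiki | | |
| xwiki | xwiki | | |
| xwiki | xwiki | >= 15.0 < 15.5.2 | 15.5.2 |
| xwiki | xwiki | >= 7.3 < 14.10.5 | 14.10.5 |
| xwiki | xwiki-platform | | |
| xwiki | xwiki-platform | | |
| xwiki | xwiki-platform | | |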

Detection & IOCs (extracted from sources)

other: XWikiUsers[0].password
  • Look for Solr search queries containing the field name 'XWikiUsers[0].password' in HTTP requests, which indicates exploitation of the XWiki Solr-based search password hash disclosure vulnerability.
  • A successful exploit returns an HTTP 200 status code when querying for the password field via XWiki's Solr search endpoint.
  • The vulnerability affects XWiki versions starting from 7.2-milestone-2 up to (but not including) 14.10.15, 15.5.2, and 15.7-rc-1. All user profiles are public by default, meaning any unauthenticated or low-privileged user with view access can exploit this.
  • Beyond user password hashes, extension configurations containing secrets such as API keys that are viewable to the attacker are also exposed as plain text via this vulnerability.
  • There are no known workarounds; patching to XWiki 14.10.15, 15.5.2, or 15.7RC1 is the only remediation.
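
One way to apply the indicator above to web server access logs, as an added example that is not part of the original page: it percent-decodes each request target, including double encoding, before matching the field name, and marks HTTP 200 responses as likely successful. The combined log format, the placeholder path and query parameter, and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Indicator from the page, lower-cased so matching is case-insensitive.
FIELD = "xwikiusers[0].password"

# Assumed common/combined access log format: client ... "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so %5B and double-encoded %255B both become '['."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return one record per request whose decoded target names the password field."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access log line
        if FIELD in fully_decode(m["target"]).lower():
            status = int(m["status"])
            hits.append({"line": number, "client": m["client"], "status": status,
                         "likely_success": status == 200})  # 200 per the page's note
    return hits

# Constructed sample lines; path and parameter name are placeholders, not XWiki's own.
# Access logs only cover the request line: POST bodies need proxy or WAF logging.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2023:10:00:01 +0000] "GET /PLACEHOLDER/search?q=wiki+syntax HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Dec/2023:10:00:05 +0000] "GET /PLACEHOLDER/search?q=XWikiUsers%5B0%5D.password HTTP/1.1" 200 2048',
    '198.51.100.7 - - [15/Dec/2023:10:00:09 +0000] "GET /PLACEHOLDER/search?q=xwikiusers%255B0%255D.password HTTP/1.1" 403 310',
    '203.0.113.4 - - [15/Dec/2023:10:01:00 +0000] "GET /PLACEHOLDER/search?q=XWikiUsers[0].email HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```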

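CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| ghsa | | 6.5 | MEDIUM | |
| osv | | 6.5 | MEDIUM | |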