CVE-2023-50719
XWiki Platform Solr search discloses password hashes of all users
In short
XWiki's search feature unintentionally exposes password hashes of all users in search results. Since user profiles are public by default, anyone can see these sensitive credentials.
Technical detail
The Solr-based search functionality in XWiki Platform fails to filter sensitive fields (CWE-200: Exposure of Sensitive Information) from search indexes, allowing unauthenticated or low-privileged users to retrieve password hashes and API keys through standard search queries. Affected versions 7.2-milestone-2 through 15.7-rc-1 lack proper access controls on indexed sensitive data.
Summary generated and translated by AI from the official description.
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
xwiki · xwiki-platformWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →