CVE-2023-38509 org.xwiki.platform:xwiki-platform-livetable-ui

Package

Manager: maven
Name: org.xwiki.platform:xwiki-platform-livetable-ui
Vulnerable Version: >=3.5-milestone-1 <14.10.9 || >=15.0 <15.3-rc-1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00364 (percentile: 0.57696)

Details

Obfuscated email addresses should not be sorted

## Impact

The mail obfuscation configuration was not fully taken into account, and it was still possible to sort by obfuscated emails. See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps.

## Patches

This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1.

## Workarounds

The workaround is to modify the page XWiki.LiveTableResultsMacros following this [patch](https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c).

## References

- https://jira.xwiki.org/browse/XWIKI-20601
- https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c

## For more information

If you have any questions or comments about this advisory:

- Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
- Email us at [Security Mailing List](mailto:security@xwiki.org)

Metadata

Created: 2023-07-27T19:28:45Z
Modified: 2024-03-18T19:55:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-g9w4-prf3-m25g/GHSA-g9w4-prf3-m25g.json
CWE IDs: ["CWE-402"]
Alternative ID: GHSA-g9w4-prf3-m25g
Finding: F067
Auto approve: 1