Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@15.1

Type maven

Namespace org.xwiki.platform

Name xwiki-platform-rest-server

Version 15.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 15.2

Latest_non_vulnerable_version 17.7.0-rc-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-dxfr-k1tg-83fj

vulnerability_id VCID-dxfr-k1tg-83fj

summary

Exposure of Resource to Wrong Sphere
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.

references

reference_url	https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede
reference_id
reference_type
scores
url	https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede

reference_url	https://jira.xwiki.org/browse/XWIKI-16138
reference_id
reference_type
scores
url	https://jira.xwiki.org/browse/XWIKI-16138

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-35151
reference_id	CVE-2023-35151
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-35151

reference_url	https://github.com/advisories/GHSA-8g9c-c9cm-9c56
reference_id	GHSA-8g9c-c9cm-9c56
reference_type
scores
url	https://github.com/advisories/GHSA-8g9c-c9cm-9c56

reference_url	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56
reference_id	GHSA-8g9c-c9cm-9c56
reference_type
scores
url	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56

fixed_packages

url	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@14.4.8
purl	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@14.4.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@14.4.8

url	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@14.10.6
purl	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@14.10.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@14.10.6

url	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@15.1
purl	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@15.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@15.1

aliases CVE-2023-35151, GHSA-8g9c-c9cm-9c56

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxfr-k1tg-83fj

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@15.1

Package Instance