Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.7-rc-1
Type maven
Namespace org.xwiki.platform
Name xwiki-platform-search-solr-api
Version 15.7-rc-1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-5wg7-92jm-2ke4
vulnerability_id VCID-5wg7-92jm-2ke4
summary
Exposure of Private Personal Information to an Unauthorized Actor
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.
references
0
reference_url https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
1
reference_url https://jira.xwiki.org/browse/XWIKI-21208
reference_id
reference_type
scores
url https://jira.xwiki.org/browse/XWIKI-21208
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50719
reference_id CVE-2023-50719
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-50719
3
reference_url https://github.com/advisories/GHSA-p6cp-6r35-32mh
reference_id GHSA-p6cp-6r35-32mh
reference_type
scores
url https://github.com/advisories/GHSA-p6cp-6r35-32mh
4
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh
reference_id GHSA-p6cp-6r35-32mh
reference_type
scores
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@14.10.15
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@14.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@14.10.15
1
url pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.5.2
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.5.2
2
url pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.7-rc-1
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.7-rc-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.7-rc-1
aliases CVE-2023-50719, GHSA-p6cp-6r35-32mh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5wg7-92jm-2ke4
1
url VCID-qpsq-kbzf-mugk
vulnerability_id VCID-qpsq-kbzf-mugk
summary
Exposure of Sensitive Information to an Unauthorized Actor
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.
references
0
reference_url https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
1
reference_url https://jira.xwiki.org/browse/XWIKI-20371
reference_id
reference_type
scores
url https://jira.xwiki.org/browse/XWIKI-20371
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50720
reference_id CVE-2023-50720
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-50720
3
reference_url https://github.com/advisories/GHSA-2grh-gr37-2283
reference_id GHSA-2grh-gr37-2283
reference_type
scores
url https://github.com/advisories/GHSA-2grh-gr37-2283
4
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283
reference_id GHSA-2grh-gr37-2283
reference_type
scores
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@14.10.15
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@14.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@14.10.15
1
url pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.5.2
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.5.2
2
url pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.7-rc-1
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.7-rc-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.7-rc-1
aliases CVE-2023-50720, GHSA-2grh-gr37-2283
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpsq-kbzf-mugk
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api@15.7-rc-1