CVE-2023-38509
low-risk
Published 2023-11-07
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and it was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch.
Do I need to act?
EPSS score: 0.36% chance of exploitation (low exploit probability)
CISA KEV: not on the list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 4.3/10 (Medium), attack vector NETWORK, LOW complexity
Affected Products (1)
Affected Vendors
References (8)
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g
24 / 100 · low-risk
Severity: 18/34 · Moderate
Exploitability: 1/34 · Minimal
Exposure: 5/34 · Minimal