
GHSA-g9w4-prf3-m25g: Obfuscated email addresses should not be sorted

Impact

The mail obfuscation configuration was not fully taken into account, and it was still possible to sort by obfuscated emails.

See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps.

Patches

This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1.

Workarounds

The workaround is to modify the page XWiki.LiveTableResultsMacros following this patch (see the commit listed under References).

References

  • https://jira.xwiki.org/browse/XWIKI-20601
  • https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c

Package

org.xwiki.platform:xwiki-platform-livetable-ui (Maven)

Affected versions

>= 3.5-milestone-1, < 14.10.9

>= 15.0, < 15.3-rc-1

Patched versions

14.10.9

15.3-rc-1

For more information

If you have any questions or comments about this advisory:

  • Open an issue in Jira XWiki.org
  • Email us at Security Mailing List

surli published to xwiki/xwiki-platform: Jul 27, 2023

Published to the GitHub Advisory Database: Jul 27, 2023

Reviewed: Jul 27, 2023
