Headline
GHSA-g9w4-prf3-m25g: Obfuscated email addresses should not be sorted
Impact
The mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails.
See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps.
Patches
This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1.
Workarounds
The workaround is to modify the page XWiki.LiveTableResultsMacros following this patch.
References
- https://jira.xwiki.org/browse/XWIKI-20601
- https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c
For more information
If you have any questions or comments about this advisory:
- Open an issue in Jira XWiki.org
- Email us at Security Mailing List
Package
maven org.xwiki.platform:xwiki-platform-livetable-ui (Maven)
Affected versions
>= 3.5-milestone-1, < 14.10.9
>= 15.0, < 15.3-rc-1
Patched versions
14.10.9
15.3-rc-1
Description
Impact
The mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails.
See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps.
Patches
This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1.
Workarounds
The workaround is to modify the page XWiki.LiveTableResultsMacros following this patch.
References
- https://jira.xwiki.org/browse/XWIKI-20601
- xwiki/xwiki-platform@1dfb680
For more information
If you have any questions or comments about this advisory:
- Open an issue in Jira XWiki.org
- Email us at Security Mailing List
References
- GHSA-g9w4-prf3-m25g
- xwiki/xwiki-platform@1dfb680
- https://jira.xwiki.org/browse/XWIKI-20601
surli published to xwiki/xwiki-platform
Jul 27, 2023
Published to the GitHub Advisory Database
Jul 27, 2023
Reviewed
Jul 27, 2023