CVE-2023-29526
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.xwiki.platform:xwiki-platform-oldcore | >=10.11.1,<13.10.11 | 13.10.11 |
| Maven | org.xwiki.platform:xwiki-platform-oldcore | >=14.0-rc-1,<14.4.8 | 14.4.8 |
| Maven | org.xwiki.platform:xwiki-platform-oldcore | >=14.5,<14.10.3 | 14.10.3 |
| Maven | org.xwiki.platform:xwiki-platform-rendering-async-macro | >=10.11.1,<13.10.11 | 13.10.11 |
| Maven | org.xwiki.platform:xwiki-platform-rendering-async-macro | >=14.0-rc-1,<14.4.8 | 14.4.8 |
| Maven | org.xwiki.platform:xwiki-platform-rendering-async-macro | >=14.5,<14.10.3 | 14.10.3 |
References
Verify integrity in audit chain (admin only). AS-IS.