Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information exposure in xwiki-platform
Vulnerability Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised yo update. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Xwiki Platform 授权问题漏洞
Vulnerability Description
Xwiki Platform是法国Xwiki公司的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在授权问题漏洞,该漏洞源于在受影响的版本中,即使wiki对访客关闭,也可以通过使用忘记密码表单来猜测用户是否在wiki上有账户。这个问题已经在XWiki 12.10.9, 13.4.1和13.6RC1上修复。建议用户及时更新。对于这个问题没有已知的解决方法。
CVSS Information
N/A
Vulnerability Type
N/A