XWiki Platform's tags on non-viewable pages can be revealed to users

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

信息暴露

XWiki Platform 信息泄露漏洞

XWiki Platform是法国XWiki基金会的一套用于创建Web协作应用程序的Wiki平台。 xwiki-platform-tag-api 5.0-milestone-1 到14.4.8版本、14.10.4之前版本、15.0-rc-1之前版本存在信息泄露漏洞，该漏洞源于标签 API 会泄露当前用户无法查看的页面中的标签， 还可以利用此信息来推断不可查看页面的文档引用。

N/A

N/A