Protect Your XWiki Account: Solr Search Vulnerability Disclosed Passwords

CVE: CVE-2023-50719
CVSS (v3.1): 7.5
Source: CVE-2023-50719

XWiki is a popular open source wiki platform that was found to have a vulnerability in its Solr search functionality. The issue allowed anyone who could view user profiles to see passwords stored in plain text. Since profiles are public by default, this meant passwords for all XWiki users were exposed.

Solr is the search engine used by XWiki. The vulnerability occurred because password hashes were being returned in search results without being properly encrypted. This gave attackers easy access to passwords just by viewing profiles. It could also reveal private API keys or other credentials stored on user profiles.

The good news is that XWiki has released patches that fix the problem in versions 14.10.15, 15.5.2 and 15.7RC1. However, if you’re using an earlier version, your passwords are still at risk of being seen.

To protect yourself, make sure to update XWiki to the latest version. You should also change your password on any other sites if you reused the same one on XWiki. Finally, consider enabling stronger security settings like private profiles if available. Staying on top of software updates is key to avoiding these kinds of vulnerabilities.
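The fixed versions named above, turned into an upgrade check as an added example (not code from XWiki or from the advisory). It assumes that a fix on one branch does not cover other branches below 15.7RC1; the function names and the host names in the inventory are constructed.

```python
import re

# Fixed releases named on this page: (major, minor, patch, stage, rc_number).
# stage 0 = release candidate, 1 = final, so 15.7RC1 sorts before 15.7.
FIXED = [(14, 10, 15, 1, 0), (15, 5, 2, 1, 0), (15, 7, 0, 0, 1)]

_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-?rc-?(\d+))?$", re.I)


def parse(version):
    """Turn '14.10.15', '15.7RC1' or '15.7-rc-1' into a sortable tuple."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {version!r}")
    major, minor, patch, rc = m.groups()
    stage = 0 if rc is not None else 1
    return (int(major), int(minor), int(patch or 0), stage, int(rc or 0))


def is_patched(version):
    """True if the version carries the fix for CVE-2023-50719."""
    v = parse(version)
    if v >= max(FIXED):            # 15.7RC1 and everything after it
        return True
    for fix in FIXED:              # older branch: need that branch's fix
        if fix[:2] == v[:2]:
            return v >= fix
    return False                   # assumption: no fix on this branch


def at_risk(inventory):
    """Return the hosts whose XWiki version still needs the upgrade."""
    return sorted(host for host, ver in inventory.items() if not is_patched(ver))


if __name__ == "__main__":
    # Constructed inventory; host names are placeholders.
    inventory = {
        "wiki-a.example": "14.10.14",
        "wiki-b.example": "14.10.15",
        "wiki-c.example": "15.6",
        "wiki-d.example": "15.7RC1",
    }
    for host in at_risk(inventory):
        print(f"{host}: upgrade XWiki ({inventory[host]} predates the fix)")
```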
