Upgrade XWiki Now to Patch Critical File Access Vulnerability

CVECVE-2023-37910
CVSScvssV3_1: 8.1
SourceCVE-2023-37910

XWiki, the popular open source wiki platform, has addressed a serious file access issue in recent releases. The vulnerability allowed any user with edit permissions on a wiki page to move attachments from other pages, even if they didn’t have access to view or modify the source page. This could enable an attacker to access and potentially publish private files just by knowing their name, without the proper permissions.

The flaw was introduced in XWiki 14.0 and affected versions up to 14.4.7, 14.10.3 and 15.0 beta 1. It has since been patched in 14.4.8, 14.10.4 and 15.0 RC1. Unfortunately, there is no workaround other than updating to one of these fixed versions.

If you are running an older version of XWiki, it is strongly recommended to upgrade immediately. Attackers could exploit this vulnerability to view and redistribute confidential documents and attachments that they should not have access to. All XWiki users should also be careful about what files they share until the update is applied.

Updating your XWiki installation only takes a few minutes and helps protect your wiki from this serious file access vulnerability. Don’t delay – apply the patch today to secure your XWiki environment.

References