XWiki is an open-source wiki software platform. From version 16.7.0 and before 16.10.11, 17.4.4, or 17.7.0, an instance that uses the XWiki Jetty package (XJetty) exposes a context that gives static access to any file located in the webapp/ folder. This allows access to files that might contain credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.xwiki.platform:xwiki-platform-tool-jetty-resources (Maven) | 16.7.0 | 16.10.11 | N/A |
| org.xwiki.platform:xwiki-platform-tool-jetty-resources (Maven) | 17.0.0-rc-1 | 17.4.4 | N/A |
| org.xwiki.platform:xwiki-platform-tool-jetty-resources (Maven) | 17.5.0 | 17.7.0 | N/A |
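
The three ranges in the table are disjoint, so a single "older than 17.7.0" comparison misclassifies releases that already carry the fix on their own branch. The Python check below is an added example, not code from the advisory or the XWiki project; the function names and the simplified Maven qualifier ordering are assumptions, and the result only matters for instances deployed with the XJetty package.

```python
import re

# Affected ranges from the advisory table, as (introduced, fixed) pairs.
# A version is affected when introduced <= version < fixed.
AFFECTED_RANGES = [
    ("16.7.0", "16.10.11"),
    ("17.0.0-rc-1", "17.4.4"),
    ("17.5.0", "17.7.0"),
]

# Assumption: simplified Maven qualifier ordering, pre-releases before the final release.
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "milestone": 2, "rc": 3, "snapshot": 4, "": 5}

VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-([A-Za-z]+)-?(\d+)?)?")


def parse_version(version):
    """Turn a string such as '17.0.0-rc-1' into a tuple that sorts in release order."""
    match = VERSION_RE.fullmatch(version.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = [int(part) for part in match.group(1).split(".")]
    numbers += [0] * (3 - len(numbers))  # pad '17.5' to 17.5.0
    qualifier = (match.group(2) or "").lower()
    if qualifier not in QUALIFIER_RANK:
        raise ValueError(f"unrecognised qualifier in: {version!r}")
    return (tuple(numbers), QUALIFIER_RANK[qualifier], int(match.group(3) or 0))


def is_affected(version):
    """Return True when the version falls inside one of the advisory's ranges."""
    parsed = parse_version(version)
    return any(
        parse_version(introduced) <= parsed < parse_version(fixed)
        for introduced, fixed in AFFECTED_RANGES
    )


if __name__ == "__main__":
    # Constructed sample inputs covering each range boundary.
    for sample in ("16.6.0", "16.7.0", "16.10.11", "17.0.0-rc-1", "17.4.4", "17.6.0", "17.7.0"):
        print(sample, "affected" if is_affected(sample) else "not affected")
```
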
CVSS Metrics